Mathematicians have long known about the flaws in the RC4 key scheduling
algorithm in the WEP WiFi Protocol, but in practice, it has required
several minutes to break the key. Now, that time is down to 3 seconds,
according to German researchers and reported by Computerworld on Wednesday.
Erik Tews, a researcher in the computer science department at Darmstadt University of Technology in Darmstadt, Germany, and his team will soon demonstrate
that they can extract the 104-bit key in just 3 seconds with a 1.7 GHz Pentium M processor.
The message is that anyone currently using the WEP protocol with data they want
to keep private should consider switching to a better protocol. The
researchers suggested that even some PDAs or mobile phones with the right hardware
could penetrate the WEP security, for example, someone casually walking through an office.
“Although stronger encryption methods have come along since the first flaws in WEP were discovered, the new attack is still relevant,” the researchers said. A survey
of a large German city found that 59 percent of the WiFi networks were still using
WEP while only 18 percent were using the newer WPA protocol.
While there are methods available to circumvent easy attacks for those unable to switch their hardware, the researchers recommended immediately switching to WPA if the current hardware supports it.
“Depending on your skills, it will cost you some minutes to some hours to switch your network to WPA. If it would cost you more than some hours of work if such private data becomes public, then you should not use WEP anymore,” Mr. Tews said.