In message <20020613212153.GN71564@overlord.e-gerbil.net>, Richard A Steenberge n writes:
On Thu, Jun 13, 2002 at 02:34:29PM -0500, Stephen Sprunk wrote:
WEP's only real failure was the failure to specify keying; vendors (and users) with less security experience interpreted this to mean static keys were sufficient.
The choice of RC4 was unfortunate given the above problem, but the coming switch to AES should fix that.
Most existing wireless APs cannot keep up with 802.11b doing RC4 (which is EXTREMELY light on the cpu) at line rate.
RC4 if used properly is light-weight. 802.11 is employing it in an unnatural environment, and that causes trouble, including performance issues. More specifically -- RC4 is a stream cipher, which means that it must be employed over a reliable underlying data stream. It's perfect above TCP, for example. But 802.11 is a packet environment, with no underlying stream. Accordingly, the base RC4 key -- 40 bits or 112 bits -- is combined with a 24-bit number (sometimes a counter, sometimes random, but in either case sent in the clear in the packet) to form an actual RC4 key that's used to encrypt just a single packet. The problem is that key setup is roughly as expensive as encrypting 300 bytes or thereabouts. So all those 40-byte TCP ACK packets are a lot more expensive for crypto processing than they should be. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
participants (1)
-
Steven M. Bellovin