Saturday, April 26, 2008

Open vs Shared Key Authentication

From http://www.wifi-forum.com/wf/archive/index.php/t-3187.html

The difference is really pretty trivial. In shared-key authentication, the
AP sends out a pseudo-random sequence of bytes, unencrypted. The station
trying to associate must encrypt the string and send it back. The AP doesn't
allow the association process to complete unless it recovers the original
string by decrypting (which "proves" that the client is using the same WEP
key). In open authentication, any station is allowed to associate. But if
WEP is used, association is useless. You still have to encrypt correctly in
order to exchange any IP packets. All you've really done is push
authentication up to layer 3.

The main problem with shared-key authentication is that it gives a hacker
monitoring the network a free sample of a matched plaintext/codetext pair.
At the very least it allows the hacker to recover the exact keystream used
to encrypt that frame, which can then be directly used to decrypt the first
several bytes of any subsequent frame using the same IV value. It is also a
freebie first entry in a database that could eventually be used to recover
the shared key. Also, the plaintext may give some insight into the
pseudorandom algorithm used by the AP, which might also be used in
encryption.
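As an added illustration (written for this page; it is not code from the quoted forum post or from this blog), the following Python model plays out the exchange described above: the AP sends a cleartext challenge, the station returns it encrypted under the WEP key, and a passive listener who sees both halves XORs them to obtain the RC4 keystream for that IV and applies it to a later frame that happens to reuse the IV. The WEP key, IV, challenge bytes and the "later frame" are all constructed values; the CRC-32 ICV that real WEP appends to each body is left out because it does not change the keystream argument.

```python
"""
Constructed model of the 802.11 shared-key handshake over WEP and the
known-plaintext keystream recovery it hands to an observer.
Key, IV, challenge and frame contents below are made up for the demo.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 keystream generator (the cipher WEP is built on): KSA then PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt_body(wep_key: bytes, iv: bytes, body: bytes) -> bytes:
    """WEP per-frame encryption: RC4 keyed with IV || shared key, XORed over
    the body. The 24-bit IV is sent in the clear with the frame, so a listener
    can tell which frames were encrypted under the same keystream."""
    return xor_bytes(body, rc4_keystream(iv + wep_key, len(body)))


def station_answer_challenge(wep_key: bytes, iv: bytes, challenge: bytes):
    """Shared-key step 3: the station encrypts the AP's cleartext challenge
    under the WEP key and sends it back with the IV it picked."""
    return iv, wep_encrypt_body(wep_key, iv, challenge)


def ap_verify(wep_key: bytes, iv: bytes, response: bytes, challenge: bytes) -> bool:
    """Shared-key step 4: the AP decrypts the response (RC4 is symmetric, so
    encrypting again with the same IV/key recovers the plaintext) and compares."""
    return wep_encrypt_body(wep_key, iv, response) == challenge


def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """What a listener to steps 2 and 3 learns: plaintext XOR ciphertext is the
    RC4 keystream for that IV, obtained without the WEP key itself."""
    return xor_bytes(challenge, response)


def decrypt_prefix(keystream: bytes, keystream_iv: bytes,
                   frame_iv: bytes, frame_body: bytes):
    """Apply a recovered keystream to a later frame. Only a frame that reuses
    the same IV is affected, and at most len(keystream) leading bytes of it."""
    if frame_iv != keystream_iv:
        return None
    return xor_bytes(frame_body, keystream)


def demo() -> dict:
    wep_key = bytes.fromhex("0123456789")                        # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")                                 # constructed 24-bit IV
    challenge = bytes((i * 37 + 11) & 0xFF for i in range(128))  # 128 bytes, the 802.11 challenge-text size
    # Legitimate handshake: the station proves it holds the key, the AP accepts.
    resp_iv, response = station_answer_challenge(wep_key, iv, challenge)
    accepted = ap_verify(wep_key, resp_iv, response, challenge)
    # The listener never sees wep_key, only the clear challenge and the response.
    keystream = recover_keystream(challenge, response)
    # A later data frame under the same IV (with only 2^24 IVs, reuse is routine).
    later_body = b"IP/UDP header + payload: constructed sample data frame"
    later_cipher = wep_encrypt_body(wep_key, iv, later_body)
    recovered = decrypt_prefix(keystream, iv, iv, later_cipher)
    # A frame under a different IV has a different keystream: nothing falls out.
    other_iv = bytes.fromhex("aabbcd")
    untouched = decrypt_prefix(keystream, iv, other_iv,
                               wep_encrypt_body(wep_key, other_iv, later_body))
    return {
        "handshake_accepted": accepted,
        "keystream_len": len(keystream),
        "keystream_is_exact": keystream == rc4_keystream(iv + wep_key, 128),
        "recovered_plaintext": recovered,
        "different_iv_result": untouched,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The point the model makes concrete is the one in the quote: the handshake itself never leaks the key, but it leaks one full 128-byte keystream per authentication, and WEP's 24-bit IV space guarantees that keystream will be reused. This is why the usual guidance even in WEP's day was open-system authentication rather than shared-key, and why the real fix is a per-frame keyed MAC and fresh keystreams as in WPA2/WPA3 rather than any tweak to the challenge.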
