Erik Tews and Martin Beck’s paper, Practical Attacks against WEP and WPA (now available for download), walks through how they re-examined and combined processing attacks. But the takeaway is that WEP, already known to be very broken is, well, very very very broken. Previous attacks, per their analysis, required from 32,000 to 40,000 packets to be processed to gain a 50-percent likelihood of key recovery. They moved that down to about 24,000.
WEP is still widely used in certain quarters, by home users who don’t care about security but simply are setting up a no trespassing sign (which is enforceable by law in many states and countries now); by those who know no better; and by retailers who use systems that are either expensive to upgrade or must be replaced to stop using WEP.
Retailers who accept credit cards may not deploy new systems with WEP starting 1-April-2009, and must discontinue all use of WEP by 30-June-2010 according to new guidelines set by the credit industry giants.
New Credit Card Processing Rules Kill off WEP (in 2009)
Brit’s Back: “Womanizer” Tops Charts, Record Books
(E! Online)
Atom Feed (xml)