Home routers and security flaws

Home routers and security flaws

Posted Oct 11, 2007 13:45 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: Home routers and security flaws by jwb
Parent article: Home routers and security flaws

I am very dubious about this "less than 10 seconds" remark.

My impression after trying WEP crackers on friendly networks was that they weren't very effective. No doubt the possibility that a determined and resourceful attacker would eventually succeed in obtaining your WEP key is a valid threat model, and I agree it would be better to upgrade to better technology where possible, but "10 seconds" doesn't match my experience.

I spent several days monitoring active (and friendly) business networks with tools that made this sort of claim, and in each case they failed to retrieve a workable key. In that time I learned several things relevant to the "10 seconds" claim.

• You can't crack a network that's idle. The beacon packets are plaintext, so you're reduced to just guessing keys and trying to connect; there are 2^56 keys, so that's not viable even if no-one notices your billions of failed attempts.

• Crackers are mostly looking for "weak IVs" which are an implementation error in early APs. If your AP doesn't spit out lots of weak IVs then your WEP implementation will take much longer to crack.

• Although having more eavesdropped data available improves the performance of the cracking software, it isn't linear, so collecting data for twice as long won't halve the time taken to guess a key.

• The attack is probabilistic, so sometimes it won't work and the only way to know why would be to start with the real key value, and if you had that (which I did) then attacking WEP is only an exercise.

Home routers and security flaws

Posted Oct 11, 2007 15:46 UTC (Thu) by fatrat (subscriber, #1518)

Look at modern WEP cracking tools that use one card to generate suitable packets and another to crack.

Home routers and security flaws

Posted Oct 11, 2007 15:49 UTC (Thu) by jwb (guest, #15467)

This particular router/access point has every weakness you mention. I can literally get the keys while walking past one with nothing more than a laptop in a bag and a copy of aircrack-ng. I have lists of hundreds of them from all over San Francisco.
