That's correct. However, there are some IVs which are weaker than others and subject the RC4 cipher to various attacks which make it easier to recover the static key.
Arrow Mk84 wrote:
I tracked down my coworker (who's now with another company) and had him comment on my post and yours. His reply:
He is more or less correct. The amount of time that passes is not correct. And all IVs are weak. They are just too few bits. And once you have two of the same IVs you also have the user-defined part of WEP, since the user-defined part of WEP never changes. WEP key is both the IV and the user side.
See here, for example.
Your information is completely consistent with what I said, which was "from hours to days, depending on the amount of traffic". Note the sentence below:
So, yes, my statement was oversimplified, but it's not going to take days to break into a wireless network.
It might be better to express this in terms of a number of packets you must collect. Assuming that the implementation chooses a new IV after every packet, as it should, then the upper limit for the packets you need to collect is 2^24. The quotation above tells us that this will take at most five hours on a fully utilized network. If the network has very little traffic, then you will need to wait longer to collect enough packets. In the paper I cited, the author reports needing between 500,000 and 2,000,000 packets to crack WEP.
A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours. (The amount of time may be even smaller, since many packets are smaller than 1500 bytes.)
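Added example, not part of the original thread: a small Python model of WEP's RC4 seeding (IV followed by the static key) showing that two packets sent under the same IV share a keystream, together with the IV-exhaustion figure quoted above. The key, IV and packets are constructed samples, the CRC-32 ICV is left out, and the birthday estimate assumes randomly chosen IVs, which the thread does not state.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling (KSA), then n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || static key; the IV is sent in the clear.
    The ICV that real WEP appends is omitted here."""
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def iv_exhaustion_seconds(packet_bytes=1500, rate_bps=11e6, iv_bits=24):
    """Time to use every IV once at full rate: the quoted 1500*8/(11*10^6)*2^24."""
    return packet_bytes * 8 / rate_bps * 2 ** iv_bits

def packets_for_collision(prob=0.5, iv_bits=24):
    """Birthday bound: packets until some IV repeats with probability prob,
    assuming IVs are picked at random (an assumption of this example)."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - prob))))

# Constructed sample data: 40-bit static key, one 24-bit IV used twice.
SECRET = bytes.fromhex("0badc0ffee")
IV = bytes.fromhex("010203")
P1 = b"GET /index.html HTTP/1.1"
P2 = b"user=alice&token=1234567"
C1 = wep_encrypt(IV, SECRET, P1)
C2 = wep_encrypt(IV, SECRET, P2)

if __name__ == "__main__":
    # Same IV, same keystream: the keystream cancels out of C1 xor C2.
    print("C1^C2 == P1^P2:", xor(C1, C2) == xor(P1, P2))
    print("IV space exhausted after %.0f s" % iv_exhaustion_seconds())
    print("50%% chance of a repeated IV after ~%d packets" % packets_for_collision())
```

A repeated IV gives an observer the XOR of the two plaintexts without any knowledge of the static key, which is why the 24-bit IV space matters independently of the weak-IV attacks mentioned earlier in the thread.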