RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless
LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be
secured.
What is the most likely cause behind this?
A.
There are some flaws in the implementation.
B.
There is no key management.
C.
The IV range is too small.
D.
All of the above.
E.
None of the above.
Explanation:
Because RC4 is a stream cipher,the same traffic key must never be used twice. The
purpose of an IV,which is transmitted as plain text,is to prevent any repetition,but a 24-bit IV is not
long enough to ensure this on a busy network. The way the IV was used also opened WEP to a
related key attack. For a 24-bit IV,there is a 50% probability the same IV will repeat after 5000
packets.
Many WEP systems require a key in hexadecimal format. Some users choose keys that spell
words in the limited 0-9,A-F hex character set,for example C0DE C0DE C0DE C0DE. Such keys
are often easily guessed.