My understanding is that the passphrase is appended as provided to an "initialization vector"
The
key is appended, etc.; using the passphrase as-is as the binary key would be a poor way of doing it, as ASCII (or any easily typeable) key would have relatively little entropy: at worst, if everything is a-z, your 104-bit WEP has just become 61.1-bit WEP. Much better is to hash the passphrase to generate the key.
Here's the WEP help from my router (Linksys/Cisco WRT54G):
Passphrase: You may enter a passphrase consisting of any keyboard character to be used to generate a hex WEP key. Passphrase option is only supported when you are only using Linksys devices on your network.
Key 1-4: You may enter a WEP key manually. You must use only hex characters (0-9 and A-F). 64-Bit WEP requires 10 hex characters. 128-Bit WEP requires the use of 26 hex characters.
This sounds awfully like what I just described, especially considering I only went and read it after I wrote the description.
Now of course if what Bruno is saying is that Windows only allows 13-character passphrases
for WPA, then that is indeed broken.
Peter
Previous Topic
Index
