From: ingeborn@ixsecurity.com
Sent: Monday, November 12, 2001 8:49 AM
To: pen-test@securityfocus.com; sectools@securityfocus.com
Subject: iXsecurity-Cryptanalysis Lucent Orinoco CM

iXsecurity
November 9th 2001

-[ SUMMARY ]-

Lucent Orinoco Client Manager stores the SSID and the WEP secret of every known profile in the Windows registry. The WEP secret is stored encrypted, but the algorithm is, as far as we know and up until today, not publicly documented.

During an assignment, a client asked about the risks of losing a configured laptop :-) There are at least two (bad) things an attacker who gets hold of the laptop can do to obtain access to the WaveLan:

1. Copy the registry values from one laptop to another and connect to the WaveLan from the second machine. Thus, the result of the encryption is neither salted nor unique to the installation; the stored value is as good as the key itself.

2. Reverse the encryption to recover the plain text WEP secret and use it to configure any other card.

Either way, a lost or stolen laptop means the WEP key has to be treated as compromised and changed on all access points and clients.

-[ ALGORITHM ]-

The algorithm is short and we give an overview here. It works on blocks of three plain text characters, which are expanded into a block of five cipher text characters. Every plain text character affects two characters of the cipher text block (but cipher text character 2 is affected only by plain text character 1). The last plain text character of one block also affects the first cipher text character of the next block. The blocks are thus chained together, i.e. they cannot be decrypted independently of each other; the start value used for the very first plain text block may be seen as an IV. For each of the three plain text characters in a block there is a separate permutation, mask and addition.

-[ PROGRAM ]-

We have written a program that encrypts WEP secrets into registry values and decrypts registry values back into plain text WEP secrets. It was tested against ORiNOCO Client Manager ver. 1.18 on Windows 2000.
The program is available at http://www.cqure.net/lrc/

Anders Ingeborn, ingeborn@ixsecurity.com
Patrik Karlsson, patrik.karlsson@ixsecurity.com
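To make the block structure described under ALGORITHM concrete, the following toy model was added for this page. It is neither the iXsecurity program nor the Lucent algorithm, whose tables and constants the advisory does not publish; the permutations, masks, addends, IV, nibble layout, zero padding and the sample key are all assumptions. What it does reproduce is the described shape: 3-to-5 block expansion, each plain text character affecting two cipher text characters, cipher text character 2 depending on plain text character 1 only, and the last plain text character of a block feeding the first cipher text character of the next block, so that a block cannot be decrypted on its own.

```python
"""
Toy model of a 3-to-5 block expansion cipher with block chaining.

Illustrative model written for this page, NOT the Lucent/ORiNOCO Client
Manager algorithm (the advisory does not publish it). It only mirrors the
structure the advisory describes:
  * each 3-byte plain text block becomes a 5-byte cipher text block,
  * each plain text byte influences two cipher text bytes,
  * cipher text byte 2 of a block depends only on plain text byte 1,
  * the last plain text byte of a block also influences the first cipher
    text byte of the next block (a carry; the first block uses an IV),
  * each of the three positions has its own permutation, mask and addend.
Every constant below is made up.
"""
import random

IV = 0x5A                      # assumed start value for the very first carry
_MASK = (0x3C, 0xA5, 0x71)     # assumed per-position XOR masks
_ADD = (0x13, 0x2B, 0x47)      # assumed per-position addends


def _make_perms(seed=1):
    """Three byte permutations (and their inverses) from a fixed seed."""
    rng = random.Random(seed)
    perms, invs = [], []
    for _ in range(3):
        p = list(range(256))
        rng.shuffle(p)
        inv = [0] * 256
        for i, v in enumerate(p):
            inv[v] = i
        perms.append(p)
        invs.append(inv)
    return perms, invs


_PERM, _PERM_INV = _make_perms()


def _pad(key):
    """Zero-pad to a multiple of 3 (model detail; the real padding is unknown)."""
    return key + b"\x00" * (-len(key) % 3)


def encrypt_block(block, carry):
    """Encrypt one 3-byte block. Returns (5 cipher text bytes, carry for next block)."""
    s = [_PERM[j][block[j]] for j in range(3)]
    c0 = ((s[0] + carry) & 0xFF) ^ _MASK[0]         # p0 and the previous block's p2 (carry)
    c1 = ((s[0] & 0x0F) << 4) | (_ADD[0] & 0x0F)    # p0 only (low nibble of its substitution)
    c2 = s[1] ^ _MASK[1]                            # p1
    c3 = ((s[1] & 0x0F) << 4) | (_ADD[1] & 0x0F)    # p1 only (low nibble)
    c4 = s[2] ^ _MASK[2]                            # p2
    carry_out = (s[2] + _ADD[2]) & 0xFF             # p2 also reaches the next block's c0
    return bytes([c0, c1, c2, c3, c4]), carry_out


def decrypt_block(cblock, carry):
    """Invert encrypt_block; needs the carry produced by the previous block."""
    c0, c1, c2, c3, c4 = cblock
    s0 = ((c0 ^ _MASK[0]) - carry) & 0xFF           # wrong carry -> wrong s0
    s1 = c2 ^ _MASK[1]
    s2 = c4 ^ _MASK[2]
    # The redundant nibble outputs let a decryptor detect a wrong carry or block order.
    if (c1 >> 4) != (s0 & 0x0F) or (c3 >> 4) != (s1 & 0x0F):
        raise ValueError("cipher text inconsistent with carry: wrong IV or block order")
    plain = bytes([_PERM_INV[0][s0], _PERM_INV[1][s1], _PERM_INV[2][s2]])
    return plain, (s2 + _ADD[2]) & 0xFF


def encrypt(key, iv=IV):
    """Encrypt a whole key; deterministic, so equal keys give equal registry values."""
    data, carry, out = _pad(key), iv, b""
    for i in range(0, len(data), 3):
        cblock, carry = encrypt_block(data[i:i + 3], carry)
        out += cblock
    return out


def decrypt(ct, iv=IV):
    """Decrypt a whole value, walking the chain from the IV onwards."""
    carry, out = iv, b""
    for i in range(0, len(ct), 5):
        pblock, carry = decrypt_block(ct[i:i + 5], carry)
        out += pblock
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    key = b"s3cretWEPkey1"      # constructed 13-byte (104-bit) WEP key
    ct = encrypt(key)
    print(ct.hex(), decrypt(ct) == key, encrypt(key) == ct)
```

Running decrypt_block on the second block with a wrong carry raises the consistency error (or, for a carry whose effect happens to preserve the low nibble, decodes a wrong first character): that is the chaining property from the ALGORITHM section. Encrypting the same key twice yields identical output, which is why the registry values can simply be copied to another machine.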