NetStumbler.org Forums - View Single Post

Madory · 03-05-2005

Not sure if this question fits in this forum but I'm sure to be corrected if I'm wrong, so here goes...

What is the origin of the 5% and the 13% probabilities in the WEP attacks? I have read the FMS and H1kari papers and understood them (I think). Now, I know that:

Prob of success = e^(-3) = 5% (when all X, Y and Z are not swapped)
and
Prob of success = e^(-2) = 13% (when two of X, Y and Z are not swapped)

I already know that they come from modeling the remaining KSA swaps as random, but how are these stats derived?

On Pg. 9 of the FMS paper there is a reference to the following formula:
e^(-2B/N)
where B is the # of the byte of the SK being attacked and N is the length of the keystream. But this formula doesn't seem to apply to my question because there aren't any logical values of B and N that make (2B/N) equal to 2 or 3.

Is there a general form of some crypto-analytical formula that applies here?

Thanks for the help!

03-05-2005	#44 (permalink)
Madory Registered Member Join Date: Jan 2005 Posts: 3	Mathematical origin of 5% and 13% in WEP attacks Not sure if this question fits in this forum but I'm sure to be corrected if I'm wrong, so here goes... What is the origin of the 5% and the 13% probabilities in the WEP attacks? I have read the FMS and H1kari papers and understood them (I think). Now, I know that: Prob of success = e^(-3) = 5% (when all X, Y and Z are not swapped) and Prob of success = e^(-2) = 13% (when two of X, Y and Z are not swapped) I already know that they come from modeling the remaining KSA swaps as random, but how are these stats derived? On Pg. 9 of the FMS paper there is a reference to the following formula: e^(-2B/N) where B is the # of the byte of the SK being attacked and N is the length of the keystream. But this formula doesn't seem to apply to my question because there aren't any logical values of B and N that make (2B/N) equal to 2 or 3. Is there a general form of some crypto-analytical formula that applies here? Thanks for the help!