Cryptology 435When the recipient receives a WEP-encrypted packet, the process is simply
reversed. The recipient pulls the IV from the message and then concatenates
the IV with his own WEP key to produce a seed value of S. If the sender and
receiver both have the same WEP key, the seed values will be the same. This
seed is fed into RC4 again to produce the same keystream, which is XORed
with the rest of the encrypted message. This will produce the original plaintext
message, consisting of the packet message M concatenated with the integrity
checksum CS. The recipient then uses the same CRC32 function to recalculate
the checksum for M and checks that the calculated value matches the received
value of CS. If the checksums match, the packet is passed on. Otherwise, there
were too many transmission errors or the WEP keys didn’t match, and the
packet is dropped.
That’s basically WEP in a nutshell.
0x772 RC4 Stream Cipher
RC4 is a surprisingly simple algorithm. It consists of two algorithms: the Key
Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm
(PRGA). Both of these algorithms use an 8-by-8 S-box, which is just an array of
256 numbers that are both unique and range in value from 0 to 255. Stated
simply, all the numbers from 0 to 255 exist in the array, but they’re all just
mixed up in different ways. The KSA does the initial scrambling of the S-box,
based on the seed value fed into it, and the seed can be up to 256 bits long.
First, the S-box array is filled with sequential values from 0 to 255. This
array will be aptly named S. Then, another 256-byte array is filled with the seed
value, repeating as necessary until the entire array is filled. This array will be
named K. Then the S array is scrambled using the following pseudo-code.
j = 0;
for i = 0 to 255
{
j = (j + S[i] + K[i]) mod 256;
swap S[i] and S[j];
}
Once that is done, the S-box is all mixed up based on the seed value.
That’s the key scheduling algorithm. Pretty simple.
24-bit IV Ciphertext CPlaintext message P (M with 32-bit CS)Keystream generated by RC4(seed)XORequals