Comment Re:More Secure, but not? (Score 1) 84
Sure, you could still use the IV collision attack in this new system, but they have tried to make it harder to do. First, in the original WEP, you would only have to track one IV space per shared key (so, basically, per one network.) In this proposal, each sender uses a different key, so you would have to track the IV space per sender (i.e., if sender A uses one IV, and sender B uses that same IV, no information is revealed, whereas in the old system it was.)
Plus, in their new specification, they say that IVs cannot be reused. Since the IV space is per sender now, each sender can just keep track of what their most recently used IV was, and increment it with each packet. Of course, you still have to change the shared secret when you run out of IV space, which seems really unreasonable, especially since the IV space is now only 2^16, instead of the 2^24 (the new spec changed it to get rid of a portion of really bad IVs).
Plus, in their new specification, they say that IVs cannot be reused. Since the IV space is per sender now, each sender can just keep track of what their most recently used IV was, and increment it with each packet. Of course, you still have to change the shared secret when you run out of IV space, which seems really unreasonable, especially since the IV space is now only 2^16, instead of the 2^24 (the new spec changed it to get rid of a portion of really bad IVs).
