This appendix describes the process needed to modify a WEP-encrypted packet and ensure that the CRC for the packet remains valid, in other words, the bit-flipping attack.

Assume that a sender wishes to send a message to a recipient, and that he wishes to use a CRC to detect errors during transmission.

Let the message, M(x), be the single ASCII letter N: M(x) = 01001110, and let the CRC generator be G(x) = x3 + x2 + 1, or 1101. To compute the CRC value, M(x) is first multiplied by the degree of G(x), which is 3. Because multiplication in GF(2) is a left shift, we end up with M'(x) = 01001110000. This value is now divided by G(x), and because division in GF(2) is the XOR operation, the result is:

 ------------ ...