Remember, WEP actually uses an encryption key of either 64 or 128 bits, using only hexadecimal characters (0-9, A-F). This length of a key is not very secure with the amount of computing power that people have in their pockets. WEP is not a good encryption standard; however, it is better than no security.
Whats wrong with WEP? IV values can be reused In fact the standard does not specify that the value needs to change at all. Reusing keys is a major cryptographic weakness in any security system. IV length is too short 24 bit keys allow for around 16.7 million possibilities.
Weak keys are susceptible to attack Certain keys value combinations, Weak IVs, do not produce sufficiently random data for the first few bytes. This is the basis of the highly publicized attacks on WEP and the reason that keys can be discovered. Manufacturers often deliberately disallow Weak IV values.
An exploration of the security weaknesses of the Wired Equivalent Privacy (WEP). OPENXTRA Freestuff ArticlesProjectsAboutOPENXTRA Why is WEP crackable? How WEP weaknesses affect your wireless network security Denis Laverty What is WEP? WEP stands for Wired Equivalent Privacy.
WEP uses secret keys to encrypt data. Both AP and the receiving stations must know the secret keys. There are two kinds of WEP with keys of either 64bits or 128bits. The longer key gives a slightly higher level of security (but not as much as the larger number would imply).
The IV is different (in theory) for each packet, while the secret key is fixed. The resulting packet data looks like random data and therefore makes the original message unreadable to an outsider not knowing the key. The receiving station reverses the encryption process to retrieve the message in clear text.
Manufacturers often deliberately disallow Weak IV values. This is good in that it reduces the chances of a hacker capturing weak keys, but also has the effect of reducing the already limited key possibilities further, increasing the chance of reuse of keys. Master keys are used directly.
Conclusion. Although WEP is far from an ideal security solution you should still use it. Some security is better than none. A determined attacker may be able to discover your keys given time and enough weak IVs, but thats no reason to leave all of your doors open.
Master keys should only be used to generate other temporary keys. WEP is seriously flawed in this respect. Key Management and updating is poorly provided for. Administration of WEP keys is not well designed and difficult to do on large networks.
Message integrity checking is ineffective. WEP does have a message integrity check but hackers can change messages and recompute a new value to match.
WEP encrypts all traffic using a 64 or 128 bit key in hexadecimal. This is a static key, which means all traffic, no matter the device, is encrypted using the single key. This protocol stood up for a while until the computing power in everyday computers grew with the improvements in IPC and clock speeds of processors.
Remember, WEP actually uses an encryption key of either 64 or 128 bits, using only hexadecimal characters (0-9, A-F).
Wired Equivalent Privacy (WEP) is a security algorithm for wireless networks. It was introduced as a part of the original 802.11 standard that was ratified in 1997. As an early-day solution, its goal was to prevent Man-in-the-Middle attacks, which it did for a time. WEP encrypts all traffic using a 64 or 128 bit key in hexadecimal.
However, the WPA attacks required the use of a dictionary and never found the password to the network. Guiding Tech points out that, “The hole in a wall lies in the way WEP encrypts the packets with a static encryption key.
The standard was superseded by Wi-Fi Protected Access in 2003, with WPA2 the following year. The IEEE declared in 2004 that both WEP-40 and WEP-104, “have been deprecated as they fail to meet their security goals”.
WEP is not a good encryption standard; however, it is better than no security. It encrypted all traffic to and from the access point using a static key, which was its downfall. This downfall can now be exploited by common, everyday computers.