Problems with WEP

On 802.11 networks, you can enable WEP (wired equivalent privacy), which encrypts the body of each
frame. This is supposed to keep hackers from viewing sensitive e-mails, user names and passwords,
proprietary documents, etc. However a hacker can fairly easily decode WEP-encrypted information
after monitoring an active network for less than one day.

Consequently, don't depend on WEP for protecting sensitive information. The use of WEP in most
cases, nevertheless, is better than no encryption at all, especially if you deploy a mechanism to
change the WEP key often

What's wrong with WEP?

WEP has been part of the 802.11 standard since initial ratification in September 1999. At that time,
the 802.11 committee was aware of some WEP limitations; however, WEP was the best choice to
ensure efficient implementations worldwide. Nevertheless, WEP has undergone much scrutiny and
criticism over the past couple years.

WEP is vulnerable because of relatively short IVs and keys that remain static. The issues with WEP
don't really have much to do with the RC4 encryption algorithm. With only 24 bits, WEP eventually
uses the same IV for different data packets. For a large busy network, this reoccurrence of IVs can
happen within an hour or so. This results in the transmission of frames having keystreams that are
too similar. If a hacker collects enough frames based on the same IV, the individual can determine the
shared values among them, i.e., the keystream or the shared secret key. This of course leads to the
hacker decrypting any of the 802.11 frames.

The static nature of the shared secret keys emphasizes this problem. 802.11 doesn't provide any
functions that support the exchange of keys among stations. As a result, system administrators and
users generally use the same keys for weeks, months, and even years. This gives mischievous culprits
plenty of time to monitor and hack into WEP-enabled networks. Some vendors deploy dynamic key
distribution solutions based on 802.1X, which definitely improves the security of wireless LANs.

Content Copyright © Original Author