Wired Equivalent Privacy (WEP) was the first wireless security protocol. Originally, WEP used a 40-bit encryption key, but this was later extended to 104 bits due to concerns over the security of the WEP standard. This change, however, was little more than a stop-gap measure, meant to make WEP less susceptible to brute-force attacks. WEP used a 24-bit initialization vector (IV) when encrypting both 40-bit and 104-bit ciphers. This 24-bit IV is vulnerable to cracking due to the low number of possible permutations (16,777,216 for those of you keeping count). Just last year, researchers succeeded in cracking 104-bit WEP encryption in about two minutes using an old Pentium-M machine.
Unfortunately, WEP's flaws have yet to drive it from the market. As recently as last November, surveys showed that up to 25 percent of WAP hotspots were still using WEP, and the largest data theft in US history is thought to have been caused by the use of WEP encryption. Now that even WEP's 104-bit encryption can be brute-forced easily, this standard should no longer be considered secure by any measure.
Easily cracked, but still used about a quarter of the time
There is, however, a reason to mention it here. Despite its numerous flaws and weaknesses, running WEP is still better than running your wireless access point completely in the clear, and it'll at least keep your neighbors (or random passers-by) from surfing on your network. WEP should also be compatible with virtually any router ever made, including orphaned models that haven't seen firmware updates in years. Your best bet when dealing with this kind of situation is to replace the router, but if that's not possible for whatever reason, WEP may be all you've got.
There have been a few other WEP-related encryption standards worth mentioning here. WEP2 was a short-lived attempt to improve on the original standard by incorporating both a 128-bit encryption key and a 128-bit initialization vector. WEP2 doesn't improve on any of the inherent weaknesses of the WEP model, but it does make brute-force attacks substantially more difficult. In the absence of support for other standards, WEP2 is a better option than standard WEP.
Several other vendors have developed their own specific and proprietary technologies to address WEP's flaws. These typically require a matched WAP and adapter combination, and their efficacy may vary widely. Again, such solutions should only be considered only when they represent the best alternative to a standard WEP configuration or no security whatsoever.
Unfortunately, WEP's flaws have yet to drive it from the market. As recently as last November, surveys showed that up to 25 percent of WAP hotspots were still using WEP, and the largest data theft in US history is thought to have been caused by the use of WEP encryption. Now that even WEP's 104-bit encryption can be brute-forced easily, this standard should no longer be considered secure by any measure.
Easily cracked, but still used about a quarter of the time
There is, however, a reason to mention it here. Despite its numerous flaws and weaknesses, running WEP is still better than running your wireless access point completely in the clear, and it'll at least keep your neighbors (or random passers-by) from surfing on your network. WEP should also be compatible with virtually any router ever made, including orphaned models that haven't seen firmware updates in years. Your best bet when dealing with this kind of situation is to replace the router, but if that's not possible for whatever reason, WEP may be all you've got.
There have been a few other WEP-related encryption standards worth mentioning here. WEP2 was a short-lived attempt to improve on the original standard by incorporating both a 128-bit encryption key and a 128-bit initialization vector. WEP2 doesn't improve on any of the inherent weaknesses of the WEP model, but it does make brute-force attacks substantially more difficult. In the absence of support for other standards, WEP2 is a better option than standard WEP.
Several other vendors have developed their own specific and proprietary technologies to address WEP's flaws. These typically require a matched WAP and adapter combination, and their efficacy may vary widely. Again, such solutions should only be considered only when they represent the best alternative to a standard WEP configuration or no security whatsoever.
Comments