Home > Articles > Networking > Wireless/High Speed/Optical

  • Print
  • + Share This
This chapter is from the book


WEP has a number of well-documented vulnerabilities that significantly limit its ability to safeguard data. In this chapter, we reviewed how WEP and XORing work to help you understand the problems and go beyond the “WEP is Bad” headlines. The underlying encryption engine used by WEP is RC4, which is widely used in various Internet protocols including secure Web pages (HTTPS). When it comes to WEP flaws, the problem isn't RC4. The problem is the way that RC4 is implemented. In particular, the implementation of IVs is flawed because it allows IVs to be repeated and hence, violate the No. 1 rule of RC4: Never, ever reuse a key.

Newsham exposed another vulnerability of WEP by demonstrating that the key generator used by many vendors is flawed for 40-bit key generation. Using a typical laptop, he was able to crack a 40-bit key is less than a minute.

Another flaw of WEP, in the key scheduling algorithm, was discovered by Fluhrer, Mantin, and Shamir. This weakness, exploited by commonly available tools such as AirSnort, WEPCrack and dweputils, has the ability to crack WEP keys by analyzing traffic from totally passive data captures. If your network is consistently generating traffic at peak speeds, the WEP key (64 or 128 bit) can be cracked after capturing just a few hours of encrypted data. On a network with minimal activity, this attack could take days or even weeks to capture the requisite traffic. Some packet injection techniques, however, have the ability to artificially flood the network with activity to reduce the amount of time it takes to collect enough packets for an FMS attack. On the other hand, keep in mind that vendors who include weak key avoidance techniques in their firmware (which most do) are not vulnerable to FMS attacks. So, be sure to update your firmware on a periodic basis!

These issues don't make WEP useless, it just means that you have to be careful about how and when you use it. If you aren't able to implement anything else (such as WPA), and the only thing you have is WEP, then go ahead and use it. If you're in a network with minimal security requirements, WEP may be appropriate.

I recommend using WEP and changing keys on a regular basis, if for no other reason, then because it identifies your network as private. Since the 802.11 protocol has no other way to tell the world that they shouldn't be attempting to associate with your AP, using WEP is a first line of defense to keep intruders out, or at least put them on notice that a No Trespassing sign has been posted.

  • + Share This
  • 🔖 Save To Your Account