• Skip to main content
  • Skip to primary sidebar

Technipages

Tutorials and fixes for smartphone, gadget, and computer problems

  • Topics
    • Android
    • Gaming
    • Hardware
    • Internet
    • iOS
    • MacOS
    • Office
    • Software
    • Windows
    • Definitions
  • Product Reviews
  • Downloads
  • About Technipages
Is WEP Good for WI-FI Security?

Is WEP Good for WI-FI Security?

By Mel Hawthorne Leave a Comment

Pretty much every home has a Wi-Fi network. While many of those networks may have no password, most people have password-protected their home network. What you may not know is that the password isn’t just used to restrict access to your Wi-Fi. It’s also used as an encryption key to encrypt the data being transmitted between your devices and your home router. This encryption protects you from hackers that may try to “listen” to the Wi-Fi transmissions and use that to hack into your network or monitor your internet activity.

At least, the encryption is supposed to protect you from hackers. Unfortunately, not all encryption is as strong as it should be. WEP, short for Wired Equivalent Privacy is one of those examples. Research has been shown and tools are publicly available that can hack into any Wi-Fi network that uses WEP in as little as a minute.

What is WEP?

WEP was the only encryption option supported in the first Wi-Fi protocol release in 1997. The protocol is relatively simple when broken down. A 40-bit encryption key is combined with a randomly-generated 24-bit Initialisation Vector (IV) to create a 64-bit “seed”. The seed is used to give the RC4 encryption cipher a starting point, from which it generates a binary keystream. The keystream is then XOR’d with the data to be encrypted, known as “plain text” to create the “ciphertext”.

Tip: XOR is a logical comparison process that compares two binary values. XOR stands for “exclusive or”, as such it is true if only one of the two values is true (a binary 1).

To decrypt and retrieve the plaintext, you just need to XOR the ciphertext with the keystream again. The keystream can be recreated because the receiver knows the encryption key and is sent the IV in plain text. When the encryption cipher is given the same seed, it will produce the same output.

Weakness of WEP

This was the strongest the algorithm could be when it was written in 1997. At the time, encryption was legally classed as a munition and was therefore subject to strict export controls in the US.

Unfortunately, the legislated weakness of the encryption key meant that it was relatively easy to break WEP. In 2001 three security researchers published details of a passive attack on WEP that can be used to recover the encryption key by simply eavesdropping on the Wi-Fi traffic.

When using a stream cipher such as RC4, it is important to ensure that the same keystream is never used twice. This is why a random IV is used, it changes for each network packet sent, preventing the keystream from being identical each time as it would be if just the encryption key was used. Unfortunately, a 24-bit IV is simply not long enough to ensure enough possible combinations. After 5000 network packets, there is a 50% chance that the same IV will be used again.

The problem with using the same IV, is it means the same keystream is used. In this case cryptanalysis (the analysis of cryptographic data) can be performed that can determine the original encryption key.

In a heavily used network, more than 5000 packets can be sent in a single minute. Even if the network is not heavily used, it is possible for the attacker to trick devices into sending more packets. Software is now freely available that can perform the whole process in minutes.

When US encryption export restrictions were relaxed, the WEP protocol was upgraded to support larger encryption keys, however, the uptake was not particularly widespread and the protocol still suffered a number of weaknesses. One such issue is the use of the RC4 algorithm, now widely regarded as too weak to be considered secure.

Replacement

In 2003 WPA (short for Wi-Fi Protected Access) was released as an emergency replacement to the clearly weak and vulnerable WEP algorithm. A year later, in 2004 the full WPA2 protocol was released and became the Wi-Fi encryption standard and WEP was officially deprecated.

Tip: Deprecation is the process of retiring a standard. It indicates that the deprecated standard should no longer be used.

What Wi-Fi encryption should you use?

Where available the WPA3 protocol should be used, with WPA2 being the fallback position. Given that WPA2 was released in 2004 only limited amounts of even legacy hardware won’t support WPA2. In those situations WPA and WEP are still better than no encryption, however, you should be aware that anyone that wanted to access your Wi-Fi network would be able to do so with relative ease in the case of WEP or WPA.

You Might Also Like

  • How Good is Norton VPN? What You Need to Know!
    How Good is Norton VPN? What You Need to Know!
  • Is AVG Secure VPN Good?
    Is AVG Secure VPN Good?
  • Need a Good Sim Card for The Usa? Here's 8 You Can Buy Right on Amazon
    Need a Good Sim Card for The Usa? Here's 8 You Can Buy Right…
  • Review: Is Avast VPN Good?
    Review: Is Avast VPN Good?
  • How to Test VPN's Security
    How to Test VPN's Security
  • What Is OpenVPN Going to Do to My Internet Security?
    What Is OpenVPN Going to Do to My Internet Security?
  • How to Increase Privacy and Security on Firefox
    How to Increase Privacy and Security on Firefox
  • Firefox: How to Get Security Breach Notices
    Firefox: How to Get Security Breach Notices
  • WhatsApp Security Scams and How to Protect Yourself
    WhatsApp Security Scams and How to Protect Yourself

Filed Under: Internet

Reader Interactions

Did this help? Let us know!

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Recent Posts

  • How to Add a Hyperlink in Excel
  • What Are The Different Types Of DDR?
  • What Is Non-Volatile Memory?
  • SATA: What It Is and What You Need to Know
  • SLC vs MLC vs TLC vs QLC vs PLC
  • What is SLC Caching?
  • What Is Host Memory Buffer (HMB) in SSD?
  • DRAM on an SSD: Is It Something You want?

Who’s Behind Technipages?

Baby and Daddy My name is Mitch Bartlett. I've been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. I started this site as a technical guide for myself and it has grown into what I hope is a useful reference for all.

You May Also Like

  • Pretty Good Privacy (PGP)
  • Need a Good Sim Card for The Usa? Here's 8 You Can Buy Right…

© Copyright 2022 Technipages · All Rights Reserved · Privacy