Wired Equivalent Privacy (WEP) is the original encryption system created for 802.11 networks. To say WEP is flawed is like saying that Alaska can be a bit chilly; it doesn’t do the enormity of the problem any justice. WEP is woefully insecure, and any determined person can defeat it using free tools available on the Internet.
The WEP encryption standard has two primary weaknesses that make it susceptible to attack: key distribution and encryption. Both are seriously flawed and provide opportunities for crackers to defeat WEP encryption.
Crackers can passively attack WEP, meaning that they don’t have to do anything overt that might reveal their presence in order to discover the key. Because of the way WEP implements encryption, a cracker can passively record network traffic and, once he has recorded at most 25 GB of data, recover the encryption key in seconds. On a busy WLAN, it’s possible to record this amount of data in a few hours.
Note: Describing the operation of any encryption system in any depth is complicated and beyond the scope of this book. WEP, although flawed, is no exception, so this is an extremely simplified explanation of how WEP actually works — for the sole purpose of illustrating some of the problems.
The big problem with key distribution in WEP is that the standard doesn’t even describe how manufacturers should implement this feature. In practice, and on most consumer WLANs, everyone on the network is using the same key. This means that collecting traffic between any two nodes on the network will eventually reveal the key for everyone’s communication.
WEP uses a random 24-bit string called an initialization vector (IV) combined with the secret key to create a pseudo-random key for each data packet. This is supposedly to prevent two ciphertexts from being encrypted with the same key. Remember, one of the ways to attack encryption is statistical analyses of patterns, such as frequency analyses.
The big problem with this approach is the way the WEP standard utilizes the IV. The IV is sent with each packet as plaintext, that is, in the clear. Twenty-four bits is short; if a cracker collects enough data packets, he will eventually find two packets, or ciphertexts, generated with the same initialization vector. Then, using statistical analysis, he can discover the secret key and decipher all communications.
The WEP standard doesn’t establish how manufacturers should generate the IV or that it must be 24 bits long. Do you remember what I said about entropy, the randomness of an encryption key? The shorter the IV, the greater the likelihood that the same value will be used more than once. Worse than this, some manufacturers do not even change the IV from one packet to the next, because according to the WEP standard, doing so is optional.
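The two problems just described, a per-packet key built from a 24-bit IV and the ease with which that IV repeats, can be seen directly in code. The following is an added example written for this edition, not code from the book; it uses the construction WEP actually specifies (the IV prepended to the shared secret key to seed the RC4 stream cipher, which the text above does not name), and the key, IV and frame bodies are constructed sample values. The first part shows that two frames encrypted under the same IV share a keystream, so XORing their ciphertexts cancels the keystream and exposes the XOR of the two plaintexts without the key ever being recovered. The second part works out, by the birthday bound, how likely an IV repeat is after a given number of frames even when the IV is chosen uniformly at random, which is the best case for WEP.

```python
import math
import random
from typing import Iterator

# ---------------------------------------------------------------------------
# Part 1: why an IV repeat is fatal for a stream cipher.
# WEP seeds RC4 with the 24-bit IV prepended to the shared secret key; the
# resulting keystream is XORed with the frame body. The IV travels in the
# clear in the frame header, so anyone listening knows when it repeats.
# ---------------------------------------------------------------------------

def rc4_keystream(seed: bytes) -> Iterator[int]:
    """Textbook RC4: key-scheduling, then the pseudo-random generation loop."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]

def wep_encrypt(iv: bytes, secret_key: bytes, plaintext: bytes) -> bytes:
    """Per-packet key = IV || secret key (the WEP construction).
    Encryption and decryption are the same XOR operation."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    ks = rc4_keystream(iv + secret_key)
    return bytes(p ^ next(ks) for p in plaintext)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(iv: bytes, secret_key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so C1 XOR C2 == P1 XOR P2.
    The secret key cancels out; the defender's lesson is that IV reuse, not key
    length, is what leaks here."""
    c1 = wep_encrypt(iv, secret_key, p1)
    c2 = wep_encrypt(iv, secret_key, p2)
    return xor_bytes(c1, c2)

# ---------------------------------------------------------------------------
# Part 2: how quickly a 24-bit IV repeats (birthday bound).
# ---------------------------------------------------------------------------

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Probability that at least one IV value repeats among `packets` frames
    when each IV is drawn uniformly at random."""
    space = 2 ** iv_bits
    # P(no collision) = prod_{k=0}^{n-1} (1 - k/space); summing logs keeps precision
    log_no_collision = sum(math.log1p(-k / space) for k in range(packets))
    return 1.0 - math.exp(log_no_collision)

def packets_until_first_repeat(iv_bits: int = 24, seed: int = 1) -> int:
    """Simulate random IV selection and count frames until the first repeat."""
    rng = random.Random(seed)
    seen = set()
    n = 0
    while True:
        n += 1
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return n
        seen.add(iv)

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP key
    iv = b"\x0a\x0b\x0c"                   # constructed IV
    p1 = b"sensor reading 21C "           # constructed frame bodies
    p2 = b"sensor reading 19C "
    leak = keystream_reuse_leak(iv, key, p1, p2)
    print("XOR of plaintexts recovered:", leak == xor_bytes(p1, p2))
    print("P(IV repeat after 5000 frames):", round(iv_collision_probability(5000), 3))
    print("Frames until first repeat (simulated):", packets_until_first_repeat())
```

Run stand-alone, the script reports that the XOR of the two plaintexts is recovered exactly, that the chance of an IV repeat after only 5,000 frames is already above one half, and a simulated count of frames until the first repeat of the same order of magnitude. On a busy WLAN that is minutes of traffic, which is why the text's remark that twenty-four bits is short is an understatement.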
Because WEP implements encryption so poorly and doesn’t require manufacturers to comply with portions of the standard (key length and generation), it’s susceptible to basic cryptanalysis techniques and unsuitable for protecting important data.
Now that you understand why WEP is insecure, I must stress one point: if WEP is all that’s available on your Wi-Fi equipment, use it. Even flawed encryption is better than none at all. As long as you realize that WEP affords you minimal protection and protect your data accordingly, then there is no reason not to use it.
Even though WEP is easily cracked, you’ll be adding a step for anyone who wants to break into your WLAN, and that may make a cracker move on to try another network rather than make the effort.
If you use WEP on your network, there are a few things that you can do to avoid making it any easier for crackers. These are:
Upgrade your device’s firmware
Use passwords or phrases that are as long as possible
Select the highest encryption setting
Change the factory default key
Change the key periodically
Most new devices have upgradeable firmware. If your device does, be sure that you download and install any updates provided by the manufacturer. In many cases, the manufacturer may have improved its implementation of WEP, making it slightly more secure. In some cases, manufacturers have replaced WEP with the improved Wi-Fi Protected Access (WPA) standard.
If your software prompts you for a password or passphrase for key generation, use one that is as long as possible. Follow all the best practices for passwords listed in Chapter 11. When using a passphrase, don’t select a passage from a book. This is the equivalent of using a password comprised of a single dictionary word.
Many Wi-Fi devices offer encryption settings as low as 40 bits and as high as 128 bits. Use the highest setting available on your device. This will increase the difficulty of discovering the WEP key, although the IV remains 24 bits and is still a weak point.
If your device has a default WEP key, be sure to change that prior to setting up your WLAN. Any default settings on your Wi-Fi gear are common knowledge to crackers and as a result are completely insecure.
Lastly, change your WEP key periodically. The more often you change it, the harder it will be for a cracker to discover the key and compromise your network.