This chapter has covered a lot of material. We have discussed the various forms of encryption, XORing, streaming ciphers, RC4, CRC, binary conversions, WEP, and more. Now that you understand the intricacies of WEP and RC4 implementation, we will end this chapter with a sharp warning. WEP is inherently weak because of the way the IVs are created. If a hacker can collect roughly 1,000,000 “5,000,000 packets (which requires 2 “4 hours on a high-traffic wireless network), she can extract the password from the air ”which brings us to a more important point. Now that you have mastered WEP security, we are going to show you how to break it.
In addition to the problems with WEP encryption, there are multiple implementation problems with WEP that can compromise the intended security. These problems can lead to data decryption, traffic injection, or secret key revelation. The worst of these problems is the ability to derive the secret key by choosing specific IV values that compromise the secret key.