WEP defines methods through which wireless data should be secured. Thanks to this standard, a consumer can purchase one brand of WNIC (Wireless Network Interface Card) and assume it will work with another vendor's access point. In addition, by using a standard like WEP, other vendors can build software and hardware products to augment various aspects of wireless networking without having to rewrite the code for each and every device. This makes for a stronger and more productive market, and helps facilitate commerce, or in this case, the widespread use of wireless networks.
WEP uses the RC4 algorithm to encrypt its data. This is one of the most popular methods of encryption, and is used in various applications, including Secure Sockets Layer (SSL), which is integrated into most e-commerce stores. RC4 is a stream cipher that derives a unique key (called a packet key) for each and every packet of encrypted data. It does this by combining a preshared password, a state value, and a value known as an initialization vector (IV) into a scrambled state array. This part of RC4 is known as the Key Scheduling Algorithm (KSA). The resultant array is then used to seed a Pseudo-Random Generation Algorithm (PRGA), which produces a stream of bytes (the keystream) that is XORed with the message (plaintext) to produce the ciphertext sent over the airwaves.
The transmitted data consists of more than just the original message. It also contains a value known as the checksum, a check value computed from the contents of the packet. The checksum is used to ensure data integrity during transmission. When the packet is received and decrypted, the checksum is recalculated and compared to the original checksum. If they match, the packet is accepted; if not, the packet is discarded. This scheme not only protects against normal corruption, but also helps alert the user to malicious tampering.
After the data is encrypted, the IV is prepended to the data, along with a flag bit that marks the packet as encrypted. The entire bundle is then broadcast into the atmosphere, where it is caught and decrypted by the receiving party.
The decryption process is the reverse of the encryption process. First, the IV is removed from the data packet and merged with the shared password. This combined value is then fed through the KSA, which is subsequently used to recreate the keystream. The keystream and the encrypted data packet are XORed together, which results in the plaintext output. The CRC is then removed from the plaintext and compared against a recalculated CRC; the packet is then either accepted or rejected.
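The encryption and decryption steps just described, as an added example (not code from the book): the RC4 KSA and PRGA, the IV-plus-shared-key packet key, the CRC-32 checksum (ICV) appended to the plaintext, and a defensive check for IVs that repeat under the same key. The key and IV values used are constructed; a real frame also carries a key-ID byte after the IV and the Protected Frame flag, both omitted here.

```python
import zlib

def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: build the 256-entry state array S from the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_prga(s: list, n: int) -> bytes:
    """Pseudo-Random Generation Algorithm: emit n keystream bytes from state S."""
    s = s[:]  # work on a copy so the caller's state array is untouched
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Packet key = IV || shared key; ciphertext = (plaintext || ICV) XOR keystream."""
    assert len(iv) == 3, "WEP uses a 24-bit IV"
    body = plaintext + icv(plaintext)
    keystream = rc4_prga(rc4_ksa(iv + shared_key), len(body))
    return iv + bytes(a ^ b for a, b in zip(body, keystream))  # IV sent in the clear

def wep_decrypt(shared_key: bytes, frame: bytes):
    """Reverse the process; return the plaintext, or None if the ICV does not match."""
    iv, ciphertext = frame[:3], frame[3:]
    keystream = rc4_prga(rc4_ksa(iv + shared_key), len(ciphertext))
    body = bytes(a ^ b for a, b in zip(ciphertext, keystream))
    plaintext, received_icv = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == received_icv else None

def repeated_ivs(frames) -> set:
    """Defensive check: IVs seen in more than one frame under the same shared key."""
    seen, dup = set(), set()
    for frame in frames:
        iv = frame[:3]
        (dup if iv in seen else seen).add(iv)
    return dup
```

The ICV catches accidental corruption, but CRC-32 is a linear checksum rather than a cryptographic integrity check, so it gives weaker tamper protection than the text implies. Because the keystream depends only on the IV and the shared key, any IV that repeats under the same key reuses a keystream, which is why `repeated_ivs` is worth running over captured traffic.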
This is a very general overview, and is discussed in much greater detail in Chapter 4. Most consider RC4 to be a strong algorithm. However, because of various flaws in the way WEP implements and uses the IV, hackers can easily crack WEP. So that you can protect yourself, we will now show you how to crack WEP as well.