Join Greg Sowell for an in-depth discussion in this video, Scrutinizing WEP, part of Foundations of Networking: Network Media (LANs).
- Wired Equivalent Privacy, or WEP, was introduced in 1997, and was the first security algorithm employed for Wi-Fi. It was the de facto protection method until WPA was ratified in 2004. WEP uses the stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity. Standard WEP uses a 40-bit key, combined with a 24-bit initialization vector, giving us a WEP key that is a total of 64 bits.
It was later extended to a 128-bit key for better protection. A 64-bit key uses a 10-digit hexadecimal string, while a 128-bit key uses a string of 26 hex characters. WEP has two authentication methods: open system authentication, and shared key authentication. Open allows all clients to associate, or connect, to the AP, and then it will attempt to protect with WEP. Shared will first challenge the client; the client will then encrypt the challenge and send it back.
If the challenge is correctly encrypted, then the client is allowed to associate with the AP. At first glance it would appear that shared is more secure, but in fact the challenge-response method employed by shared makes it easier to intercept and decrypt the key. As with many first attempts at security, it wasn't secure for long. A 2001 white paper described the way the initialization vector used by WEP could be exploited. Since the IV is only 24 bits long, it has a 50 percent likelihood that it will repeat after 5,000 packets.
I've personally exploited WEP, using a $50 USB Wi-Fi card, Linux, and some open source tools. Starting up Airmon-ng, you first put your Wi-Fi card in monitor mode; this will allow it to capture packets. Once you have collected about 15,000 packets, you can run Aircrack-ng against the capture file and crack a WEP key in less than 20 minutes. You can also use Aireplay-ng to force the AP to generate additional traffic, which will speed up the process to less than 10 minutes.
You can associate to the AP, or simply decrypt captured packets. It is highly unlikely you will encounter WEP still in use. If you do, you can now easily demonstrate the need to upgrade.
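As an added illustration (not part of the video), the following Python works through the birthday bound behind the "50 percent after about 5,000 packets" figure for WEP's 24-bit IV; the function and parameter names are my own choices.

```python
"""Birthday-bound check for WEP's 24-bit initialization vector (IV).

Added example, not from the original video. It computes how quickly a
uniformly random 24-bit IV is expected to repeat, which is the figure the
transcript quotes. Names are assumptions made for this example.
"""
import math


def iv_collision_probability(n_packets: int, iv_bits: int = 24) -> float:
    """Exact probability that at least one IV value repeats among n_packets
    frames, assuming each IV is drawn uniformly from 2**iv_bits values.

    P(no repeat) = prod_{i=0}^{n-1} (1 - i/N), with N = 2**iv_bits.
    """
    space = 2 ** iv_bits
    if n_packets > space:
        return 1.0  # pigeonhole: more frames than distinct IV values
    p_no_repeat = 1.0
    for i in range(n_packets):
        p_no_repeat *= 1.0 - i / space
    return 1.0 - p_no_repeat


def iv_collision_probability_approx(n_packets: int, iv_bits: int = 24) -> float:
    """Closed-form birthday approximation: 1 - exp(-n(n-1) / (2N))."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2.0 * space))


def packets_until_collision(target_prob: float = 0.5, iv_bits: int = 24) -> int:
    """Smallest number of frames at which the repeat probability reaches
    target_prob, found by extending the exact product one frame at a time."""
    space = 2 ** iv_bits
    p_no_repeat = 1.0
    n = 0
    while 1.0 - p_no_repeat < target_prob:
        p_no_repeat *= 1.0 - n / space
        n += 1
    return n


if __name__ == "__main__":
    # With a 24-bit IV the 50% mark is reached at roughly 4,800 frames,
    # which is the "about 5,000 packets" in the transcript.
    print("frames for 50% IV repeat:", packets_until_collision(0.5))
    print("P(repeat) after 5,000 frames:", round(iv_collision_probability(5000), 4))
```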