What Is WEP?
Page content

An Introduction To WEP

WEP stands for Wired Equivalent Privacy and is the algorithm that was used to ensure the security of a wireless network. WEP was designed for the 802.11 standard for wireless networks. It is a form of encryption that is built around the RC4 Stream Cipher.

When they were first created, wireless networks had serious security issues and could be easily hacked by amateur hackers. To counter rectify this IEEE created WEP-40 and WEP-104. The WEP-40 key is used to refer to the 64-bit WEP protocol. However, the WEP-104 was designed for the 128-bit WEP protocol.

WEP Security

As stated previously, one of the main concerns with using WEP is its lower level of security. This can be counteracted by choosing a password with a certain length. It is recommended that a when using 128-bit WEP to select a password that is at minimum at least thirteen characters. However, a 40-bit WEP should have a password with at minimum at least five characters. These character lengths have been shown to improve the safety of wireless transmission.

Even though it is still in use, there are two main reasons why WEP is not thought to be secure. Most of the WEP systems involve keys that have been shared. This is quite insecure as anyone who has the share shared key can access the system. The second reason that compromises the security of WEP is that it is often disabled. As a result, anyone can access the network if it is not actually enabled.

WEP Authentication

There are two main ways in which authentication can occur. If the key is shared, at least four steps are needed to transmit data. Firstly, the client will need to send a request to authenticate to the Access Point. The Access Point will respond with a clear text message. The Client will then encrypt the clear text message using a WEP key that has been configured for it. The Client will respond with another request to authenticate. The result is the Access Point will need to decipher and compare the information received to the clear text message that was sent.

The second type of authentication is open key authentication in which any client can become authenticated to the Access Point followed by an association. Afterwards, a WEP key is needed to transmit data. However, open authentication is preferred to a shared key as it does not really authenticate. Shared key authentication is less secure because it makes it easier to capture critical data during the four step process.