Talk:Wired Equivalent Privacy

From Wikipedia, the free encyclopedia

WikiProject on Cryptography This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.

Not sure how this works. I don't know how to contact Matt. However, I came to this page to learn about how to use WEP, since all my WAPs were purcached before 2003, and I don't yet have the budget for new ones. Even though is isn't 100%, you make it sound like WEP doesn't do any good just because some people can break it. Anyone can break a window, but I still lock my doors, and no one has ever broken it. My neighbors have used my WiFi, but don't know how to crack WEP. Therefore it is still useful. I feel that is information that should be included on this page if it is to be useful to everyone who visits it. Thanks. Paul paulshanks-info3286@mailblocks.com

Doesn't the sentence, "despite the inherent weaknesses, WEP provides a bare minimal level of security that can deter casual snooping." cover this point? — Matt Crypto 23:48, 1 October 2005 (UTC)
Good point. I think I read that line incorrectly. Paul
Or, you read it as any average person would read it. The entire article talks about WEP factually, but then adds spin to every interpretation to support the authors' views. This article serves as a fine example of Wikipedia being "the encyclopedia that Slashdot built." —The preceding unsigned comment was added by 141.211.231.231 (talk • contribs).

Avid user who has not yet signed up: Surely the line "more information is needed here on 256-but WEP encryption" justifies an incompltele/high standard notice to be placed, as the article is incomplete? —The preceding unsigned comment was added by 84.13.55.103 (talk • contribs).

I added some more info and took out the note. --agr 21:44, 13 November 2005 (UTC)

Contents

[edit] does IPSec protect against WEP password attacks?

The article says: "Another alternative is to use a tunneling protocol, such as IPsec". Can someone please clarify if the use of IPsec will prevent the commonly used WEP attacks that are intended to retrieve the WEP password - or will it merely protect against your data (the payload) being intercepted? These are two different things - protecting the data as opposed to protecting the network. - Hayne 20:28, 1 March 2006 (UTC)

No, IPSec won't prevent recovery of the WEP password. But could you explain the difference as you perceive it? IPSec provide integrity protection as well as encryption. — ciphergoth 00:26, 2 March 2006 (UTC)
The difference seems obvious but here goes. Protecting the data means that my neighbour cannot read what is in my transmissions - e.g. the text of my email messages. Protecting the network means that my neighbour cannot access my network - i.e. cannot make use of my bandwidth, cannot make his communications come via my IP address, etc. - Hayne 15:21, 3 March 2006 (UTC)
OK, so it is an issue of integrity protection. Yes, IPSec provides this. — ciphergoth 15:25, 3 March 2006 (UTC)
You said above that "IPSec won't prevent recovery of the WEP password". That means that my neighbour can obtain my WEP password and hence gain access to my wireless network. So IPSec doesn't protect my network in the sense I explained above. - Hayne 15:42, 3 March 2006 (UTC)
If all parties (including the router) are configured to allow only packets authenticated with IPSec, then the WEP password will be of no use to them. Of course in this instance you might not enable WEP at all. — ciphergoth 17:01, 3 March 2006 (UTC)
But then the question is whether all routers are configurable to do that (only allow IPSec packets). I don't think that is possible with the Apple Airport base stations for example - is it? It supports VPN passthrough, but I don't think that means that other packets are disallowed. What about other commonly used wireless base stations? - Hayne 19:09, 3 March 2006 (UTC)

[edit] Expand

This article might as well be renamed to Vulnerabilities of WEP. Who developed it? Why is it necessary? What does a typical user do to enable WEP? How do they generate keys? How do they transmit the keys to another computer? How do they know if their connection is secure? etc. etc.

I see six links to software for cracking WEP keys, but none for generating keys. All of the other external links are about weaknesses. None about how to use it on a specific system, etc. — Omegatron 19:15, 28 April 2006 (UTC)

WEP was developed by the IEEE as part of its 802.11 standard. The "Why is it necessary?" question was answered in the article. The question on how keys are generated and delivered to client machines are that the network administrator picks an arbitrary 40 or 104 bit number and that he or she is responsible for delivery of the keys to the client machines because there is no automatic key distribution system. The other questions are operating system, access point, and driver dependent and therefore do not belong in an encyclopedia article. Jesse Viviano 14:53, 30 May 2006 (UTC)

In fact, the only question left unanswered in your comment that belongs in the encyclopedia article was who developed it. WEP has become such a bad joke in security that this article would have been moved to BJAODN if this was not a real-world security protocol. I will answer the above mentioned question in the article and remove the article expansion tag. Jesse Viviano 14:59, 30 May 2006 (UTC)

I had to edit my comment above to work around a deleted and salted redirect. Jesse Viviano 15:39, 25 June 2006 (UTC)

[edit] Passphrase

At least on Linksys products, the user can enter a “passphrase” and click “generate” to generate WEP keys. I assume this is a simple hash function. Is this hash function part of the WEP standard? If so, this article should mention it since it's something a lot of new wireless users encounter. Linksys says a passphrase is “Used much like a password, a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for Linksys products.” For reference: [1]. —Ben FrantzDale 11:38, 5 September 2006 (UTC)

[edit] Speed loss?

Does encryption/decryption add any significant bandwith load? I am curious what the data rate loss is for various encryption types. ---Ransom (--71.4.51.150 00:30, 13 June 2006 (UTC))

[edit] Related Key Attack on WEP

I ended up doing some simple math for a class project:
24 bit IV = 2^24 ~ 17 million
probability function for repeat IV (see Birthday Paradox)= 1 - exp(-(n(n-1))/(2*2^24))
plot n, you get 50% point at around 5000 packets... that's where that number came from.
pkomma 16:08, 5 August 2006 (UTC)

[edit] Expand Flaws Section?

Why is there no direct mention of Borisov, Goldberg, and Wagner's 2001 cryptanalysis of WEP? Any article on WEP should mention David Wagner _somewhere_.

[edit] Grammar cleanup

Just cleaned up some wording in the WEPplus section.

[edit] cracking tools

I've mentioned aircrack-ng by name - I don't know whether it belongs in the intro, but it's mentioned in 'flaws' and in the list of cracking tools at the end. I think the fact that any WEP key can be cracked in two minutes needs mentioning!

(I just moved house and our DSL isn't on until Friday. There's four networks nearby, all with WEP on ... must not be tempted! Must not be tempted!) - David Gerard 16:39, 19 September 2006 (UTC)

Retrieved from "http://en.wikipedia.org../../../w/i/r/Talk%7EWired_Equivalent_Privacy_2b6c.html"