Talk:Wired Equivalent Privacy


It is unclear in what is written if the WEP key is sent from the AP to the wireless device that is trying to connect. So what I am getting at is where is the WEP key created and then which end revises it. Someone please add this information.

WikiProject on Cryptography This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.


Big piece missing in article about mode of operations

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080094581.shtml

You can choose Open, Shared Key, or both of these options in order to set the authentications that the AP will recognize.

   * Open (RECOMMENDED)—This default setting allows any device, regardless of its WEP keys, to authenticate and attempt to associate.
   * Shared Key—This setting tells the AP to send a plain-text, shared key query to any device that attempts to associate with the AP.
     Note: This query can leave the AP open to a known-text attack from intruders. Therefore, this setting is not as secure as the Open setting.

This has security implications and should be discussed.



Done. Requesting folks here to review the addition. Am new to Wikipedia editing, so do look at the formatting.

K.C.Rao, Team Lead, WLAN driver technology 07:11, 7 September 2007 (UTC)

Protection against casual snooping

Not sure how this works. I don't know how to contact Matt. However, I came to this page to learn about how to use WEP, since all my WAPs were purchased before 2003, and I don't yet have the budget for new ones. Even though it isn't 100%, you make it sound like WEP doesn't do any good just because some people can break it. Anyone can break a window, but I still lock my doors, and no one has ever broken it. My neighbors have used my WiFi, but don't know how to crack WEP. Therefore it is still useful. I feel that is information that should be included on this page if it is to be useful to everyone who visits it. Thanks. Paul paulshanks-info3286@mailblocks.com

Doesn't the sentence, "despite the inherent weaknesses, WEP provides a bare minimal level of security that can deter casual snooping." cover this point? — Matt Crypto 23:48, 1 October 2005 (UTC)
Good point. I think I read that line incorrectly. Paul
Or, you read it as any average person would read it. The entire article talks about WEP factually, but then adds spin to every interpretation to support the authors' views. This article serves as a fine example of Wikipedia being "the encyclopedia that Slashdot built." —Preceding unsigned comment added by 141.211.231.231 (talk • contribs)

Avid user who has not yet signed up: Surely the line "more information is needed here on 256-bit WEP encryption" justifies an incomplete/high standard notice to be placed, as the article is incomplete? —Preceding unsigned comment added by 84.13.55.103 (talk • contribs)

I added some more info and took out the note. --agr 21:44, 13 November 2005 (UTC)

does IPSec protect against WEP password attacks?

The article says: "Another alternative is to use a tunneling protocol, such as IPsec". Can someone please clarify if the use of IPsec will prevent the commonly used WEP attacks that are intended to retrieve the WEP password - or will it merely protect against your data (the payload) being intercepted? These are two different things - protecting the data as opposed to protecting the network. - Hayne 20:28, 1 March 2006 (UTC)

No, IPSec won't prevent recovery of the WEP password. But could you explain the difference as you perceive it? IPSec provides integrity protection as well as encryption. — ciphergoth 00:26, 2 March 2006 (UTC)
The difference seems obvious but here goes. Protecting the data means that my neighbour cannot read what is in my transmissions - e.g. the text of my email messages. Protecting the network means that my neighbour cannot access my network - i.e. cannot make use of my bandwidth, cannot make his communications come via my IP address, etc. - Hayne 15:21, 3 March 2006 (UTC)
OK, so it is an issue of integrity protection. Yes, IPSec provides this. — ciphergoth 15:25, 3 March 2006 (UTC)
You said above that "IPSec won't prevent recovery of the WEP password". That means that my neighbour can obtain my WEP password and hence gain access to my wireless network. So IPSec doesn't protect my network in the sense I explained above. - Hayne 15:42, 3 March 2006 (UTC)
If all parties (including the router) are configured to allow only packets authenticated with IPSec, then the WEP password will be of no use to them. Of course in this instance you might not enable WEP at all. — ciphergoth 17:01, 3 March 2006 (UTC)
But then the question is whether all routers are configurable to do that (only allow IPSec packets). I don't think that is possible with the Apple Airport base stations for example - is it? It supports VPN passthrough, but I don't think that means that other packets are disallowed. What about other commonly used wireless base stations? - Hayne 19:09, 3 March 2006 (UTC)

Expand

This article might as well be renamed to Vulnerabilities of WEP. Who developed it? Why is it necessary? What does a typical user do to enable WEP? How do they generate keys? How do they transmit the keys to another computer? How do they know if their connection is secure? etc. etc.

I see six links to software for cracking WEP keys, but none for generating keys. All of the other external links are about weaknesses. None about how to use it on a specific system, etc. — Omegatron 19:15, 28 April 2006 (UTC)

WEP was developed by the IEEE as part of its 802.11 standard. The "Why is it necessary?" question was answered in the article. The answer to the question of how keys are generated and delivered to client machines is that the network administrator picks an arbitrary 40- or 104-bit number and that he or she is responsible for delivery of the keys to the client machines because there is no automatic key distribution system. The other questions are operating system, access point, and driver dependent and therefore do not belong in an encyclopedia article. Jesse Viviano 14:53, 30 May 2006 (UTC)

In fact, the only question left unanswered in your comment that belongs in the encyclopedia article was who developed it. WEP has become such a bad joke in security that this article would have been moved to BJAODN if this was not a real-world security protocol. I will answer the above mentioned question in the article and remove the article expansion tag. Jesse Viviano 14:59, 30 May 2006 (UTC)

I had to edit my comment above to work around a deleted and salted redirect. Jesse Viviano 15:39, 25 June 2006 (UTC)

Passphrase

At least on Linksys products, the user can enter a “passphrase” and click “generate” to generate WEP keys. I assume this is a simple hash function. Is this hash function part of the WEP standard? If so, this article should mention it since it's something a lot of new wireless users encounter. Linksys says a passphrase is “Used much like a password, a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for Linksys products.” For reference: [1]. —Ben FrantzDale 11:38, 5 September 2006 (UTC)

Nope, the passphrase is not part of the standard. That is why different equipment might generate different keys from the same passphrase. Passphrase handling was standardized for WPA. So using passphrases is not recommended for WEP if mixing equipment from different vendors. Although most display the generated keys, so can easily check if they are the same. --Xerces8 07:17, 23 May 2007 (UTC)

There are a few de facto standards, however. For 128/104-bit, the most common is to use the first 13 bytes of the md5sum of the first 64 bytes of the passphrase catenated together. I've seen no published description of what the Apple Airport did for either 64/40-bit or 128/104-bit, nor what most other equipment does for 64/40-bit.
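The 128/104-bit convention described in the comment above, written out as an added example (it is not part of the original discussion and is not any vendor's code). The function names are hypothetical, and encoding the passphrase as UTF-8 bytes is an assumption; the checks at the end show that distinct passphrases can collapse to the same key, which matters when comparing keys across equipment.

```python
import hashlib

BUFFER_LEN = 64   # bytes hashed, per the comment above
KEY_LEN = 13      # 104-bit key = first 13 bytes of the MD5 digest


def wep104_key_from_passphrase(passphrase: str) -> bytes:
    """Derive a 104-bit WEP key using the de facto MD5 convention.

    The passphrase is concatenated with itself until it fills 64 bytes
    (anything beyond 64 bytes is ignored), the buffer is hashed with MD5,
    and the first 13 bytes of the digest are the key.
    """
    data = passphrase.encode("utf-8")  # assumption: byte encoding of the text
    if not data:
        raise ValueError("passphrase must not be empty")
    repeats = BUFFER_LEN // len(data) + 1
    buffer = (data * repeats)[:BUFFER_LEN]
    return hashlib.md5(buffer).digest()[:KEY_LEN]


def as_hex_key(key: bytes) -> str:
    """Format a key the way most equipment displays it: 26 hex digits."""
    return key.hex().upper()


def same_key(passphrase_a: str, passphrase_b: str) -> bool:
    """True when two passphrases produce the same 104-bit key."""
    return (wep104_key_from_passphrase(passphrase_a)
            == wep104_key_from_passphrase(passphrase_b))


if __name__ == "__main__":
    # Constructed sample passphrases, for illustration only.
    for sample in ("ab", "abab", "x" * 64, "x" * 64 + "ignored tail"):
        print(f"{sample[:20]!r:24} -> {as_hex_key(wep104_key_from_passphrase(sample))}")
    # Repetition and truncation both collapse different inputs to one key.
    print(same_key("ab", "abab"), same_key("x" * 64, "x" * 64 + "ignored tail"))
```

Comparing the 26-digit hex output, rather than the passphrase, is the reliable way to confirm that two devices ended up with the same key.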

Speed loss?

Does encryption/decryption add any significant bandwidth load? I am curious what the data rate loss is for various encryption types. ---Ransom (--71.4.51.150 00:30, 13 June 2006 (UTC))

Yes, many claim that encryption decreases performance. Can someone please provide some facts? Thanks. --Xerces8 07:18, 23 May 2007 (UTC)

Related Key Attack on WEP

I ended up doing some simple math for a class project:
24 bit IV = 2^24 ~ 17 million
probability function for repeat IV (see Birthday Paradox)= 1 - exp(-(n(n-1))/(2*2^24))
plot n, you get 50% point at around 5000 packets... that's where that number came from.
pkomma 16:08, 5 August 2006 (UTC)
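The calculation in the comment above, carried through as an added example (not part of the original discussion). It assumes each packet's IV is drawn uniformly at random from the 24-bit space, which is the birthday-paradox model the comment uses; the function names are hypothetical. It compares the comment's approximation with the exact product and searches for the packet count where a repeat becomes more likely than not.

```python
import math

IV_BITS = 24  # WEP IV size, from the comment above


def approx_repeat_probability(n: int, iv_bits: int = IV_BITS) -> float:
    """The comment's formula: 1 - exp(-n(n-1) / (2 * 2^iv_bits))."""
    space = 2 ** iv_bits
    return -math.expm1(-n * (n - 1) / (2 * space))


def exact_repeat_probability(n: int, iv_bits: int = IV_BITS) -> float:
    """Exact value: 1 - prod_{k=0}^{n-1} (1 - k / 2^iv_bits), summed in logs."""
    space = 2 ** iv_bits
    if n > space:
        return 1.0  # pigeonhole: more packets than IVs forces a repeat
    log_no_repeat = sum(math.log1p(-k / space) for k in range(n))
    return -math.expm1(log_no_repeat)


def packets_for_probability(target: float, prob=approx_repeat_probability,
                            iv_bits: int = IV_BITS) -> int:
    """Smallest packet count n whose repeat probability reaches `target`."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    hi = 1
    while prob(hi, iv_bits) < target:   # grow an upper bound by doubling
        hi *= 2
    lo = hi // 2 + 1 if hi > 1 else 1
    while lo < hi:                      # probability is monotonic in n
        mid = (lo + hi) // 2
        if prob(mid, iv_bits) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    print("IV space:", 2 ** IV_BITS)
    print("50% point (approximation):", packets_for_probability(0.5))
    print("50% point (exact):",
          packets_for_probability(0.5, exact_repeat_probability))
    print("P(repeat) at 5000 packets:", round(approx_repeat_probability(5000), 4))
```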

Expand Flaws Section?

Why is there no direct mention of Borisov, Goldberg, and Wagner's 2001 cryptanalysis of WEP? Any article on WEP should mention David Wagner _somewhere_.

Grammar cleanup

Just cleaned up some wording in the WEPplus section.

cracking tools

I've mentioned aircrack-ng by name - I don't know whether it belongs in the intro, but it's mentioned in 'flaws' and in the list of cracking tools at the end. I think the fact that any WEP key can be cracked in two minutes needs mentioning!

(I just moved house and our DSL isn't on until Friday. There's four networks nearby, all with WEP on ... must not be tempted! Must not be tempted!) - David Gerard 16:39, 19 September 2006 (UTC)

Crack WEP in x minutes

The article mentions that a WEP key can be broken in 10, two minutes or less and quotes the FBI breaking WEP in 3 minutes. I guess the speed at which WEP can be broken is dependent on the number of packets that are captured, thus it makes more sense to define how many megabytes of data need to be captured to enable an attack? It should then be discussed how quickly this much traffic can be accumulated. Breaking WEP in an office environment, where there are a hundred users should be quicker than a home network, where there is a single user.

EXTRACT: In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV is used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as 10 minutes. If an insufficient number of packets are being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets which can then be inspected to find the key. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software such as aircrack-ng and crack any WEP key in two minutes or less.--Bah23 13:54, 1 February 2007 (UTC)

The newer techniques demonstrated by the FBI can stimulate the needed network traffic and do not depend on how busy the network is. See [2] --agr 14:31, 1 February 2007 (UTC)
From the excerpt you (Bah23) just provided: "If an insufficient number of packets are being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets which can then be inspected to find the key."
So ditto agr, an attacker is able to simulate traffic on a WEP-protected network even if they do not know the key. -- intgr 14:36, 1 February 2007 (UTC)

A Slowed Obsolescence

I removed the following unsourced speculation. Regardless of the merits of the suggestion, it does not belong here without some published source. Sorry. --agr 05:21, 2 February 2007 (UTC)

Many owners and administrators of the "real world" WiFi networks increasingly found in cafés, public libraries, etc., would like to harness the greater security of WPA/WPA2 or RADIUS but are constrained by the need to accommodate customers and guests with older hardware, typically laptop computers equipped with aging wireless cards that only speak WEP or have a very rudimentary WPA implementation. The next milestone in this kind of freely roaming but secure networking may be a protocol and associated hardware that can be significantly upgraded "on the fly" so that average consumers who cannot continually purchase new equipment can nevertheless "download" the latest response to hackers and bandwidth thieves over the course of five or more years.
I think I agree with "Many owners and administrators of the "real world" WiFi networks increasingly found in cafés, public libraries, etc., would like to harness the greater security of WPA/WPA2 or RADIUS but are constrained by the need to accommodate customers and guests with older hardware, typically laptop computers equipped with aging wireless cards that only speak WEP or have a very rudimentary WPA implementation." A recent discussion with an institution (which shall remain nameless) revealed that they treat all wireless traffic as if it were from outside, therefore it does not break security if someone uses their bandwidth. (There was more to the argument, but that is the gist). Although ArnoldReinhold was right to remove it. Does the OP have a source?--Bah23 20:47, 2 February 2007 (UTC)
This may be a stupid question, but how do you retrieve your WEP key? 71.136.233.5 21:56, 2 July 2007 (UTC)

LEAP?

LEAP goes unmentioned here; seems to fit equally as well as various other hacks around WEP vulnerabilities. Bhudson 16:34, 13 August 2007 (UTC)

Anything notable besides its ubiquity and vulnerability?

I agree with the comment about renaming the article to Vulnerabilities of WEP. Not only do all the external links point to pages about how easy it is to pwn WEP (How many of them say anything the others don’t?) there’s nothing discussing the difference between hex and ASCII keys, or how they’re used, for example, in either the article or the links. The attitude seems to be, “This encryption is way too unsecure, so if you don’t already, you don’t need to know anything about how to use it… Try this instead.” —Wiki Wikardo 16:35, 13 September 2007 (UTC) samana1974 —Preceding unsigned comment added by 80.4.36.81 (talk) 13:16, 4 December 2007 (UTC)

Is 802.1x same as WEP?

My wireless router can only do WEP.

I want my mobile phone to use the wireless router, but my phone only supports 802.1x - is this another name for WEP? —Preceding unsigned comment added by 78.149.141.162 (talk) 00:51, 22 January 2008 (UTC)

Deleted External links

The following external links were deleted en masse by user KelleyCook without a good explanation: (These are posted here so they're possibly reconsidered for inclusion and not completely lost.) --AB (talk) 07:11, 1 February 2008 (UTC)