WEP – Wired Equivalent Privacy
The IEEE 802.11b WLAN (Wireless Local Area Network) standard incorporates a confidentiality and integrity provision called WEP. To protect the data, WEP uses the stream cipher RC4 from RSA Security Inc. There are two levels of WEP commonly available; one based on a 40bit encryption key and 24bit initialization vector (64bit encryption) and one based on a 104bit encryption key and 24bit initialization vector (128bit encryption). Prior to encryption, the data is run through an integrity check process to ensure that the recipient of the data can detect whether it has been tampered with during transmission. The RC4 algorithm then generates a key stream from either the 64bit or 128bit encryption key which is applied to the user data and integrity check. In August 2001, Scott Fluhrer, Itsik Mantin, Adi Shamir published a paper entitled Weakness in the Key Scheduling Algorithm of RC4; which outlined a theoretical method for breaking the WEP key. Providing enough traffic has been captured, modern day cracking software can crack WEP in seconds.
< Back to glossary