Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is an obsolete, severely flawed security algorithm for 802.11 wireless networks.

Introduced as part of the original IEEE 802.11 standard ratified in 1997, its intention was to provide security/privacy comparable to that of a traditional wired network.[1]

WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely used, and was often the first security choice presented to users by router configuration tools.

The first versions of WEP were not particularly strong, even for the time they were released, due to U.S. restrictions on the export of various cryptographic technologies.

At the time that the original WEP standard was drafted, the U.S. Government's export restrictions on cryptographic technology limited the key size.

Once the restrictions were lifted, manufacturers of access points implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).

Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as one minute.

It is possible to perform the attack with a personal computer, off-the-shelf hardware, and freely available software such as aircrack-ng to crack any WEP key in minutes.

They wrote "Experiments in the field show that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target."

They also reported two generic weaknesses:

In 2005, a group from the U.S. Federal Bureau of Investigation gave a demonstration where they cracked a WEP-protected network in three minutes using publicly available tools.

Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin, and Shamir, which can additionally be used to break WEP in WEP-like usage modes.

In 2006, Bittau, Handley, and Lackey showed[2] that the 802.11 protocol itself can be used against WEP to enable earlier attacks that were previously thought impractical.

Finally, if the 802.11 network is connected to the Internet, the attacker can use 802.11 fragmentation to replay eavesdropped packets while crafting a new IP header onto them.

In 2007, Erik Tews, Andrei Pyshkin, and Ralf-Philipp Weinmann were able to extend Klein's 2005 attack and optimize it for usage against WEP.

Using active techniques like Wi-Fi deauthentication attacks and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions.

The actual computation takes about 3 seconds and 3 MB of main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs.

In 2008 the Payment Card Industry Security Standards Council (PCI SSC) updated the Data Security Standard (DSS) to prohibit use of WEP as part of any credit-card processing after 30 June 2010, and prohibit any new system from being installed that uses WEP after 31 March 2009.[19]

By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP.[22]

However, TKIP (the basis of WPA) has reached the end of its designed lifetime, has been partially broken, and has been officially deprecated with the release of the 802.11-2012 standard.

Basic WEP encryption: RC4 keystream XORed with plaintext
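As an added illustration (not code from the article), the following Python models the framing the caption describes: a 24-bit IV is prepended to the 40- or 104-bit shared key, RC4 turns that into a keystream, and the keystream is XORed with the plaintext plus a CRC-32 integrity check value (ICV). The helper names, the little-endian ICV layout and the omission of the 802.11 header and key-index byte are simplifying assumptions of this example; the IV-reuse check at the end is the kind of monitoring test a defender can run over captured frames.

```python
import zlib
from collections import Counter

# Added example, not from the article. Assumptions: 3-byte IV prepended to a
# 5- or 13-byte key (WEP-40 / WEP-104), ICV stored little-endian, and no
# 802.11 header or key-index byte modelled.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || (RC4(IV || key) XOR (plaintext || CRC-32 ICV))."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> tuple[bytes, bool]:
    """Strip the IV, regenerate the keystream, and verify the ICV."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    plaintext, icv = body[:-4], body[-4:]
    return plaintext, icv == zlib.crc32(plaintext).to_bytes(4, "little")

def reused_ivs(frames: list[bytes]) -> set[bytes]:
    """Defender-side check: IVs that appear more than once in a capture.
    Frames under the same IV share one keystream, and with only 2**24 IVs
    repeats are unavoidable on a busy network."""
    counts = Counter(f[:3] for f in frames)
    return {iv for iv, n in counts.items() if n > 1}

if __name__ == "__main__":
    key = bytes.fromhex("0123456789")  # constructed 40-bit key, not a real one
    frame = wep_encrypt(key, b"\x00\x00\x01", b"hello")
    print(frame.hex(), wep_decrypt(key, frame))
```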