Wireless Equivalent Privacy Offers No Privacy
WEP is even less secure than originally thought.
April 4, 2007
Wireless Equivalent Privacy (WEP) is a common way of encrypting network traffic and is supported by a wide range of wireless access points and network cards. While it's generally accepted that WEP isn’t very secure, it has now been shown that WEP can be cracked in a few minutes, which makes using WEP essentially pointless.
It’s been long-known that cracking WEP encryption isn’t difficult to achieve provided that an intruder can capture enough packets to use as the basis for the cracking attempt. Capturing enough packets has been the real hurdle, which affects how fast WEP can be cracked.
Several years ago WEP could be cracked using a few million packets of data. Then the cracking tactic was improved so that only half as many packets were needed. Now a team of researchers has improved upon previously existing methods so that WEP can be successfully cracked 95 percent of the time if the cracker can capture roughly 85,000 packets--which isn’t difficult to do.
The team of researchers--Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann--wrote that “Using active techniques like de-auth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions. The actual computation [for cracking WEP] takes about 3 seconds [on a Pentium-M 1.7 GHz computer using only 3MB of system RAM] and can additionally be optimized for devices with slower CPUs.”
The researchers, who are students at Technische Universitat Darmstadt in Germany, have published a detailed paper that explains how their approach works. The team also outlined which tools they used, and their Web page offers tips on how to reproduce their results.
Fortunately, stronger methods of protecting wireless network traffic already exist. Wireless Protected Access 1 (WPA1) was developered due to the relative insecurity of WEP, and later WPA2 was released to improve upon WPA1. WPA1 uses the RC4 algorithm where WPA2 now uses the AES algorithm, which is much stronger than RC4. Adding the use of 802.1X authentication improves the security of wireless connections even further.
About the Author
You May Also Like