Information Security all in one place!

The reason behind why WEP is considered weak….

As early as 2001, implementation problems with the WEP encryption scheme led to the first real break. The problem revolved around the initialization vector (IV) field of the scheme, a random number concatenated with the network key, used to provide some randomization to the scheme. WEP is based on the RC4 stream cipher algorithm, and as with any stream cipher, identical keys must not be used. The IVs change with each packet and eventually repeat, giving an attacker two packets with identical IVs. The counter used for IVs was 24 bits long, which on a fairly busy network meant that there was a good chance that after 5,000 packets, an IV would be repeated, yielding an IV collision where two packets were encrypted with the same key, thus providing a basis for cryptanalysis. If more collisions are encountered, this increases the chances of an attack.

Haines, Brad (2010-03-25). Seven Deadliest Wireless Technologies Attacks (Seven Deadliest Attacks) (Kindle Locations 446-451). Syngress. Kindle Edition.


Let's hear what you have to say.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s