Friday, March 19, 2010

WEP Encryption

The popular press has done a lot to discourage organizations and individuals
from using wireless networks. If you’ve been paying attention to the brouhaha,
then you’re aware of all the negative articles about wireless security — especially
those dealing with encryption. Part of the problem is that the press and
others don’t understand the basis for WEP. As implied by its name, the developers
of Wired Equivalent Privacy intended for it to give clients the same level
of security found on a wired network — which, quite frankly, isn’t much.
With the exception of a fully switched environment, eavesdroppers can have their
way with frames traversing a wired network. WEP was never intended to
provide message integrity, non-repudiation, and confidentiality. And guess
what — it doesn’t.

WEP uses the symmetrical RC4 (Ron’s Code 4) algorithm and a PRNG
(Pseudo-Random Number Generator). The original standard specified 40 (in
practice, 64) and 128-bit key lengths with a 24-bit initialization vector (IV).
Then there’s the matter of incomplete coverage of network layers: WEP
encrypts Layers 3 through 7, but does not encrypt the MAC layer (that is,
Layer 2). Because it’s a symmetrical algorithm, WEP gives every client the
keys and other configuration data.

Okay, we know there’s nothing wrong with the RC4 algorithm per se — after
all, Web browsers use it for Secure Sockets Layer (SSL). The problem is in the
WEP implementation of the RC4 algorithm — and the false sense of security it
encourages.

To decrypt a frame, the algorithm takes the IV, which is sent in plaintext, and
sticks it on the front end of the secret key (which the decrypter knows). WEP
then plugs the result into RC4 to regenerate the key stream. Next, the
algorithm XORs the key stream with the ciphertext, which should give us the
plaintext value. Finally, WEP re-performs the CRC-32 checksum on the message
and ensures that it matches the integrity check value that was encrypted along
with the plaintext. Should the checksums not match, WEP assumes that someone
tampered with the packet, and will discard it.
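The receive-side steps described above, together with the matching send side, as an added Python example (not code from the original post). It assumes a simplified frame of the 3-byte IV followed directly by the ciphertext, leaving out the 802.11 header and the key-ID byte; the function names and the sample key, IV and payload are constructed for illustration.

```python
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 key stream for `key` (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(iv: bytes, secret: bytes, message: bytes) -> bytes:
    """Sender side: append the CRC-32 ICV, encrypt, prefix the plaintext IV."""
    icv = struct.pack("<I", zlib.crc32(message))
    body = message + icv
    return iv + xor(body, rc4(iv + secret, len(body)))


def wep_decapsulate(frame: bytes, secret: bytes):
    """Receiver side. Returns the message, or None if the frame is discarded."""
    iv, ciphertext = frame[:3], frame[3:]     # 24-bit IV travels in the clear
    if len(ciphertext) < 4:
        return None
    body = xor(ciphertext, rc4(iv + secret, len(ciphertext)))
    message, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(message)) != icv:
        return None                           # checksum mismatch: discard
    return message


# Constructed sample values: a 40-bit secret key, a 24-bit IV, a short payload.
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
FRAME = wep_encapsulate(IV, SECRET, b"constructed test payload")
```

Because the RC4 key is just the IV followed by the shared secret, two frames sent with the same IV are encrypted with the same key stream.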

As mentioned earlier, access points generally have only the following three
encryption settings available:

None: This setting represents the most serious risk because someone
can easily intercept, read, and alter unencrypted data traversing the
network.

40-bit shared key: A 40-bit shared key encrypts the network communications
data, but there is still a risk of compromise. The 40-bit encryption
has been broken by brute force cryptanalysis, using a high-end
graphics computer — and even low-end computers — so it has only
questionable value. We show you some tools in later sections that allow
you to easily recover 40-bit keys — and if you can, a bad guy can.

104-bit setting: In general, 104-bit (sometimes called 128-bit) encryption is
more secure than 40-bit encryption because of the significant difference in
the size of the cryptographic key space. Even though this better security
isn’t true for 802.11 WEP (because of poor cryptographic design in the
use of IVs), it is nonetheless recommended as a good practice. Again, you
should be vigilant about checking with the vendor regarding upgrades
to firmware and software — you may find some that overcome some of
the WEP problems. (Some vendors, for example, support 152-bit keys.)
