This tutorial will explore the topic of WEP Cracking and why this protocol should be avoided at all costs in a production network environment.

What is Wired Equivalent Privacy (WEP)?

From Wikipedia.org:

"Wired Equivalent Privacy (WEP) is a scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping.

WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping."

Why do we care?

While WEP is an older protocol and has been widely advised against in the news users continue to use and expect to use WEP to protect their home and office networks. WEP is supported by all 802.11 chipsets and on older hardware is the only option available for security.

This leaves us with a very widely used, very badly flawed security protocol and as security minded individuals this is a concern and interest for us.

How does WEP work? :

WEP works by encrypting the data passing over the network with either a 40 or 104 bit key combined with a 24 bit initialzation vector (IV), the pre-shared key or PSK is typically a 10 character (for 64 bit) or a 26 character (for 128 bit) hex key that is chosen by the user. This key is shared with all the clients that have access to the network and is used to encrypt the data packets.

Next: How does WEP Cracking work?