Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Is WEP dead yet? Should it be? - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Is WEP dead yet? Should it be?
We've known almost from its release, that there were some significant weaknesses in WEP (Wired Equivalent Privacy).  AirSnort and WEPcrack among other packages have been able to crack WEP keys fairly easily if they could sniff enough of the encrypted traffic.  One of our readers (thanx, Mike) noted a new paper by three folks from the Darmstadt Technical University in Germany entitled Breaking 104 bit WEP in less than 60 seconds.  They explain how an updated attack on the underlying RC4 algorithm allows much faster cracking of WEP (over an order of magnitude faster), than previously realized.  We have long recommended that WEP be abandoned in favor of WPA (or, even better, WPA2).  This new work demonstrates that WEP is little more than an annoyance to folks really interested in seeing your traffic.I will be teaching next: Malware Reverse-Engineering Challenge - SANS Northern VA Fall- Reston 2019


407 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!