Is WEP dead yet? Should it be?
We've known almost from its release, that there were some significant weaknesses in WEP (Wired Equivalent Privacy).  AirSnort and WEPcrack among other packages have been able to crack WEP keys fairly easily if they could sniff enough of the encrypted traffic.  One of our readers (thanx, Mike) noted a new paper by three folks from the Darmstadt Technical University in Germany entitled Breaking 104 bit WEP in less than 60 seconds.  They explain how an updated attack on the underlying RC4 algorithm allows much faster cracking of WEP (over an order of magnitude faster), than previously realized.  We have long recommended that WEP be abandoned in favor of WPA (or, even better, WPA2).  This new work demonstrates that WEP is little more than an annoyance to folks really interested in seeing your traffic.I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Tokyo Autumn 2022


423 Posts
ISC Handler
Apr 4th 2007

Sign Up for Free or Log In to start participating in the conversation!