WEP Needs to Die

WEP is a protocol used by many wireless routers to protect your privacy by encrypting the signals to and from the router or wireless access point. If you lookup WEP in Wikipedia, you get this definition: "Wired Equivalent Privacy, an obsolete wireless network security standard". I wish it were so. This standard SHOULD be obsolete, but a recent survey found that 50% of all wireless access points were using WEP. 25% were using WPA (the right one), and 25% were without any security at all!

WEP was adopted by the IEEE in 1999 in the hope it would provide the equivalent of wired privacy, hence the name. The first significant flaws were reported in 2001. By 2005 the FBI gave a demonstration cracking some WEP protected systems in about 3 minutes, with commonly available tools, but until recently, most cracking attempts required over an hour. Thus, it was widely seen as a way to keep at least casual crashers out. Now 95% of WEP protected networks can be cracked in under 2 minutes, with freely available tools that do not require extensive knowledge. It simply should not be used.

WEP was replaced after a few years with WPA (WiFi Protected Access), which provides very good protection. The problem stems from hardware made between 1999 and 2003 which doesn't support the newer standard. Plus, occasional villains like Comcast who quite recently provided a wireless router which only used WEP, not WPA. This nearly drove me mad! Until recently many security consultants felt that a concession needed to be made to this older hardware and therefore would setup wireless access points using WEP because it was universally supported and better than nothing.

It is time to let it die, and simply demand newer hardware or that people do firmware updates.

Date: June 2007

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		WEP Needs to Die WEP is a protocol used by many wireless routers to protect your privacy by encrypting the signals to and from the router or wireless access point. If you lookup WEP in Wikipedia, you get this definition: "Wired Equivalent Privacy, an obsolete wireless network security standard". I wish it were so. This standard SHOULD be obsolete, but a recent survey found that 50% of all wireless access points were using WEP. 25% were using WPA (the right one), and 25% were without any security at all! WEP was adopted by the IEEE in 1999 in the hope it would provide the equivalent of wired privacy, hence the name. The first significant flaws were reported in 2001. By 2005 the FBI gave a demonstration cracking some WEP protected systems in about 3 minutes, with commonly available tools, but until recently, most cracking attempts required over an hour. Thus, it was widely seen as a way to keep at least casual crashers out. Now 95% of WEP protected networks can be cracked in under 2 minutes, with freely available tools that do not require extensive knowledge. It simply should not be used. WEP was replaced after a few years with WPA (WiFi Protected Access), which provides very good protection. The problem stems from hardware made between 1999 and 2003 which doesn't support the newer standard. Plus, occasional villains like Comcast who quite recently provided a wireless router which only used WEP, not WPA. This nearly drove me mad! Until recently many security consultants felt that a concession needed to be made to this older hardware and therefore would setup wireless access points using WEP because it was universally supported and better than nothing. It is time to let it die, and simply demand newer hardware or that people do firmware updates. Date: June 2007 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk