Is WEP Secure?

Started by Zylstra, November 16, 2008, 08:44:41 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Allan

this thread is 18 months old.

Geek-9pm

Hello, TOMMY_THE_CAT

Yes, this is an  old topic. But welcome anyway to the forum.

WEP is used to keep your neighbors off your witless.
But WEP with hard passwords and Key Codes is beater than nothing.

X~w6b}8S
+¦"W*+l
<%=E=z}G
8}'FCO0N
(+@-!S_T

Are example of hard passwords. May vary in length.

You can make a hard WEP Key code with number sand the letters A B C D E F .
Must be exactly ten characters.
Like
0987654321
937A4B340F
AA3355DDEE


You get the idea.
Don't leave your wireless with the default password.
Enable  the WEP code.



BC_Programmer

WEP is nearly useless. use WPA or WPA2.
I was trying to dereference Null Pointers before it was cool.

Geek-9pm

QuoteWEP is nearly useless. use WPA or WPA2.
Why is it useless? Please explain. This thread has draw hundreds of visitors. WEP  is still widely used.  :)

BC_Programmer

http://blogs.msdn.com/alexholy/archive/2006/08/07/690912.aspx

To be more specific, what I mean is using the words "security" and "WEP" in the same sentence is laughable at best.

WEP doesn't have passwords. it has a key. And it's so easy to grab from the air via promiscuous mode Wireless cards  that it's a huge waste of time to "customize" the key that is chosen. If you're going to use WEP, all your doing is making your access point slightly less desirable then your other neighbors. You may as well just hide the ssid for that.

If the access point supports WPA or WPA2, do NOT USE WEP.

In fact, it's hardly even worth the negligible gains to enable WEP at all. you're basically banking on the fact that nobody will have a spare 40 seconds to crack the WEP public key and authenticate with your access point.
All it does, is make your access point a less "juicy" target within your neighborhood, assuming some of your neighbors leave their connections insecured. But if that's the case, just hide the ssid- then you have even better "security" over WEP.

Or use an actual secure solution like WPA and WPA2. they actually let you use standard passwords/passphrases.
I was trying to dereference Null Pointers before it was cool.

Geek-9pm

Thank you BC for the links.
From the links inside the link you gave, there is some good reading on the WEP issue. The WEP provides SOME security, but not much.

One of the links states that it is just a XOR with a short key. I did not know that. Is that true? Hard to believe! I thought thought the XOR with a short key was retro 1980 sort of thing.  If there is a string of repeating characters in the plain text, the XOR thing will expose itself as a pattern. If the key was a dictionary word, it will yield a pattern that can be decoded by a smart program.

Here is one of the links I found and it is recommended reading. http://www.tazforum.thetazzone.com/viewtopic.php?t=2069

Now I am not going to agree with you. I am not going to say WEP is useless. No, rather It is about like putting a raincoat on a duck to keep him from getting wet.  Not absolutely  useless. It works while the duck stays away from water. You must train the duck to not go in the water with the raincoat on.

So then, to get the most out of WEP, get all neighbors to sign an agreement that nobody is allowed into a neighbor's wireless is the WEP is on. The WEP then is a indicator that you want some privacy. Kind of like closing the bathroom door without locking it.

patio

Calm down guys...
The FAQ section is not for open arguments...stop posting here and move it to the open Forums if a discussion is warranted.
" Anyone who goes to a psychiatrist should have his head examined. "

Zylstra

Not sure how I came about this one again, but both of you are right in a way. For the sake of getting good information posted, I'm going to quickly say this:
WEP can still keep the majority of people who are not "tech savvy" from accessing your home network. Anyone with time, the ability to read, and Internet can figure out in a few days how to get past a WEP key.
WEP is considered unsecure by many major security organizations. (Not going to go into detail)

If all you have is WEP, use it. It is like locking the bathroom door. The funny thing is, as it always seems, you don't typically need much to unlock the bathroom door from the outside -- just a fingernail-file.
It's probably time to get a new router. (Or new wifi adapters, if that's the problem).

Someday, WPA will be just as unsecure as WEP. It just happens.

-- I just didn't want a confusing debate with no mediated closure.

tingting

I guess I will be shopping for a new router. I have an old linksys, and it uses WEP, which I thought was very secure. I had no clue that it was so easy to crack. I have had my eye on one of the newer wireless-N routers anyway. From what I understand, they are a lot faster, and give you different channels, for different applications. I'm going to assume that if I buy one of these, they will likely have the latest security technology, so this should resolve my current vulnerability issue.

patio

Quote from: tingting on May 22, 2011, 02:48:34 PM
I guess I will be shopping for a new router. I have an old linksys, and it uses WEP, which I thought was very secure. I had no clue that it was so easy to crack. I have had my eye on one of the newer wireless-N routers anyway. From what I understand, they are a lot faster, and give you different channels, for different applications. I'm going to assume that if I buy one of these, they will likely have the latest security technology, so this should resolve my current vulnerability issue.

QuoteThe FAQ section is not for open arguments...stop posting here and move it to the open Forums if a discussion is warranted.
" Anyone who goes to a psychiatrist should have his head examined. "