Wired Equivalent Protocol (WEP) is Showing Some Flaws
It seems as though Wi-Fi security protocols aren’t showing the desired security most had hoped for. Although some hope it will have some use in some smaller networks, concerns are abound in the financial services industry.
The death knell chimes for WEP
New research leads to end of WEP
Darren Pauli
April 12, 2007 (Computerworld Australia) — SYDNEY - Australian IT security managers have vowed they would never rely on the Wired Equivalent Privacy (WEP) protocol especially after the release of new research this week showing it can be cracked in as little as three seconds.
Security professionals said the bell has tolled for the WEP protocol which is used as a default intrusion prevention system for IEEE 802.11 WLAN Wi-Fi devices.
The troubled protocol suffered its first blow in 2001, when a flaw was revealed in the WEP protocol’s RC4 key scheduling algorithm which allowed radio sniffer programs to extract and inject wireless data packets from and into the network where statistical analyzers, known as WEP crackers, can recover the encryption key to unscramble the data. However, the WEP security key required about 4 million packets to be intercepted for it to be calculated. Now security experts in Germany have claimed they can outfox the beleaguered protocol in three seconds, down on the previous best of about five minutes which kept up with changing security keys.
