answersLogoWhite

0


Best Answer

WEP uses a technique that allows an attacker to quite easily break the key, since part of the key (IV, or Initialization Vector) is in every packet. WPA does not use the same technique and a good WPA key cannot be guessed in a reasonable amount of time.

The Wired Equivalent Privacy (WEP) protocol was designed to add security to WLANs. WEP was intended to give wireless networks the equivalent level of privacy of a comparable wired network. However, WEP occasionally produces cryptologically weak ciphers that are easily broken with modern tools. A step-by-step description of how the WEP protocol is cracked follows, to give you a better idea of the weakness of WEP and the speed with which it can be compromised:

1. A hacker runs Kismet, a wireless LAN discovery tool, to determine what wireless LANs are in the area. When the hacker discovers the SSID, the channel number it is operating on, and its BSSID (Basic Service Set Identifier- its Ethernet address), he has all the information needed to mount an attack to recover the WEP key.

2. If the SSID is unknown because the WLAN's owner has enabled a mode that hides it (known as SSID Cloaking or SSID Broadcast Disable), the hacker can discover the SSID by waiting for a client to connect, in which case both the client as well as the AP disclose the SSID. Or the hacker can obtain the SSID by forcing an already connected client to disconnect and reconnect. This is done by sending a specially crafted packet pretending to be from the AP that tells the receiving client that it is no longer authenticated. The client has no way to tell that this is not actually coming from the AP, and so it attempts to rectify the problem by disconnecting from the AP and reconnecting, yielding the SSID in the process.

3. The hacker puts his wireless card into a "monitor mode" in which the WLAN card eavesdrops on a WLAN without having to connect to it. He commands the WLAN card to monitor the channel on which the target AP is located, and begins capturing and saving all of the traffic monitored from that AP to disk in a file called a capture file.

4. The software used to capture the data notes the reception of packets encrypted with a weak Initialization Vector (IV), which in cryptography is a value used to initialize a cryptographic process. WEP misuses these IVs in an exploitable way, and when a certain number of weak IVs have been captured, the WEP key can be determined. Roughly 125,000 packets are required to crack most 40-bit WEP keys, and 200,000-250,000 packets for a 128-bit WEP key.

5. On a slow WLAN, capturing the requisite number of weak IVs can take some time. To accelerate the attack, the hacker will next inject a captured WEP frame back into the network to generate more traffic. This takes advantage of the fact that WEP has no "replay protection" mechanism to prevent this. An injection rate of 512 packets per second generally results in the required number of IVs being captured between 10 min for 40-bit and 30 min for 128-bit WEP. If no client is present on the WLAN to generate traffic that can be captured and reinjected, in most cases the attacker's own system can be made to do so.

6. After a sufficient number of IVs is captured, the hacker runs the AirCrack tool, which will attempt to crack and disclose the WEP key.

7. Once the WEP key is known, the hacker can connect to the AP just as a legitimate client would - and the WLAN owner would be none the wiser.

User Avatar

Wiki User

13y ago
This answer is:
User Avatar

Add your answer:

Earn +20 pts
Q: What is a weakness of WEP that is solved by WPA?
Write your answer...
Submit
Still have questions?
magnify glass
imp
Related questions

Use of the wireless wep key?

WEP allows you to encrypt your wireless connection protection it from people you can use your private information against you. WEP cannot be trusted because of weakness in its encryption algorithm. It's better to use WPA, or if you can WPA-PSK2 AES.


What does a WEP or WPA key mean for the Xbox 360?

wep and wpa both are encryption standards to make a more secure wifi network, so your xbox needs to have the same wep/wpa code that your router is set to. if you have to choose between wep or wpa, choose wpa if possible because it is virtualy uncrackable and it will save your bacon


What replaced WEP?

WEP has been replaced by WPA.


When I change my WPA key to WEP it doesn't save Help?

WPA and WEP are not compatible with each other. They are completely different kinds of encryption.


I have a DSi and connect to WPA-2 and Pokemon diamond asks for a WEP can I still connect on Pokemon Diamond with WPA-2?

no i had to change mine back to a wep


What two encryption methods are used in wireless networks?

The three main methods of encryption for 802.11 wireless networks are the following: # WEP (Wired Equivalent Privacy) # WPA (WiFi Protected Access) # WPA2 (WiFi Protected Acess)


What is a WEP and a WPA key mean?

The internet password for your wifi


What security key to put internet on the dsi?

WPA or WEP


Why is WPA preferred over WEP?

WEP is a part of 802.11. WEP is not secure because its wickness in the encryption mechanism. Which is used by many wireless network scanners. It takes about 5 minutes to hack WEP. It's highly recommended to use WPA or WPA2-PSK AES over WEP.


Do all routers have a wep key?

Yes you can set up a WEP on any router, but WEP is not very secure.WPA and WPA 2 would be a better way to go.


How do you get WPA key on Nintendo DS lite?

You can't, the DS lite cannot use WPA encryption. It can only use WEP.


Is WPA and WPA2 are secure forms of encryption?

Yes. WEP is easily hackable.