Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'WEP is not useless' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
WEP is not useless
Authored by: hayne on Dec 14, '04 12:40:15PM

Note that there is a big difference between the WEP in common use a few years ago and that used by up to date software (e.g. any of the relatively recent Airport versions). The commonly held opinion of the weakness of WEP is due to bugs that were in the early implementations.

It is very difficult to crack an up to date WEP network. It would take days if not weeks as compared with the hours mentioned in the (outdated) O'Reilly article referred to in another comment.

Sure, if you have WPA available to you, you should use it in preference to WEP. But WEP provides quite strong protection.



[ Reply to This | # ]
WEP is not useless
Authored by: schaps on Dec 14, '04 12:52:14PM

I have not read that WEP protocol was improved, to the best of my memory. Do you have any links to more info on that?



[ Reply to This | # ]
WEP is not useless
Authored by: raider on Dec 14, '04 04:13:32PM
WEP has not been modified at all. In fact, the last modifications were WEP2, which brought about the 128bit keys. That was like in 2000 or 2001. WEP is just as insecure now as it was then, if not more so.

Now, there has been a standard in the works for a while. 802.11i . Since 802.11i was in the development stages - WiFi alliance took a lot of the 802.11i pieces and implemented what we know as WPA. WPA is essentially a beta version of 802.11i (or a subset).

The 802.11i standard has been finalized, and this is one of the most recent articles I can find (June 2004): 802.11i Security Specification Finalized

But it is worth noting that 802.11i is the finalization (and imporvements) of what was started with WPA - and has nothing to do realistically with WEP.

The other question is when 802.11i will make it into vendors products, and if many of the current products will be firmware updateable. (It seems as though they should be, since WPA is a good chunk of 802.11i).

However, using WPA with a GOOD (like 32 character random) password is reasonably secure. 802.11i will improve on that.

But the simple fact is that if you are using airwaves for your tellecommunication - it can be hacked. The issue is how much effort does it take. If the work level vs. payoff is too high, then the cracker will move on. That is the same with any security, even physical security. Any door can be broken down if you want to bad enough - but what is the effort and risk vs. reward ratio? At my house? Not much. ;)

[ Reply to This | # ]
802.11i needs crypto-acceleration
Authored by: _merlin on Dec 14, '04 04:37:45PM

WPA is a subset of 802.11i that doesn't require hardware acceleration. It was designed so that existing cards could be upgraded from WEP to WPA with a firmware update. Full 802.11i support requires cryptography-accelerated hardware, so unfortunately, it isn't just a firmaware update.



[ Reply to This | # ]