These days, it is fashionable to have a wireless Network or internet connection to your cherished laptop or PC. This breaks the barrier of you having to find a cabled network. There are 3 major problems with WEP (which stands for “Wired Equivalent Privacy,” . Key distribution. If you aren’t the only person on the network, getting the key out to other people is a non-trivial task and can be the weakest link. 40-bit - the standard WEP key size is completely insufficient and can be cracked in relatively no time. 128bit versions of the same are available but these too can be cracked in just a few minutes! The actual user keys (codes) are 40 bits and 104 bits, with the extra 24 bits used by something called the Initialization Vector (IV). The encryption is created by taking the IV and randomizing it for each packet, while keeping the secret code the same. The AP and the client decrypt and retrieve the message/data and all is right in the world, in theory. This is the big one - the WEP authentication protocol relies on DNS and is therefore prone to massive man-in-the-middle attacks. Wireless LANs are Unsafe at Any KeySize; and analysis of the WEP encapsulation . WEP is especially dangerous because it establishes a false sense of security that cause people to be more willing to send sensitive data over the network. You still need to use some other encryption methods rather than WEP - even at its best it gives the privacy that falls short of the standard Ethernet LAN. Other technologies are under development to improve the state of wireless security, such as the IEEE 802.11 Task Group E, which is trying to develop an authentication scheme suitable for 802.11 wireless networks, or the IEEE 802.1x protocol which will do similar things at a more generic level. Wifi Protected Access. It bridges the gap between WEP and the upcoming 802.11i standard, and is implementable via firmware upgrades in older hardware. WPA uses Temporal Key Integrity Protocol (or TKIP), which is designed to a low WEP to be upgraded through corrective measures that address the existing security problems. Advantages over WPA: The WPA key length has increased to 48 bits from 24 bits, which allows WPA to achieve over 500 trillion possible key combinations. These are now better protected through the use of the TSC, or TKIP sequence counter, helping to prevent the re-use of IV keys. I have not gone into the Enterprise level of WPA, which is actually intended to be used with something called a RADIUS server for access control. Most home users use what is called WPA-PSK, which is for use on smaller networks that need good security without the extra cost and configuration. WPA and WPA-PSK use the same encryption methods, however. Next time you encounter a wireless network, think twice before you connect to that network, it could be a hoax network or an insecure network. eddie@afrowebs.com
