Talk:Wired Equivalent Privacy
|This is the talk page for discussing improvements to the Wired Equivalent Privacy article.|
|This article is of interest to the following WikiProjects:|
The fact that you have to pay for access to the reference, lessens its value as a reference and I think should be changed in favour of some other source. 184.108.40.206 (talk) 22:30, 23 March 2013 (UTC)
Crack WEP in x minutes
The article mentions that a WEP key can be broken in 10, two minutes or less and quotes the FBI breaking WEP in 3minutes. I guess the speed at which WEP can be broken is dependent on the number of packets that are captured, thus it makes more sense to define how many megabytes of data need to be captured to enable an attack? It should then be discussed how quickly this much traffic can be accumulated. Breaking WEP in an office environment, where there are a hundred users should be quicker than a home network, where there is a single user.
EXTRACT: In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV is used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as 10 minutes. If an insufficient number of packets are being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets which can then be inspected to find the key. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software such as aircrack-ng and crack any WEP key in two minutes or less.--Bah23 13:54, 1 February 2007 (UTC)
- The newer techniques demonstrated by the FBI can stimulate the needed network traffic and do not depend on how busy the network is. See  --agr 14:31, 1 February 2007 (UTC)
- From the excerpt you (Bah23) just provided: "If an insufficient number of packets are being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets which can then be inspected to find the key."
- So ditto agr, an attacker is able to simulate traffic on a WEP-protected network even if they do not know the key. -- intgr 14:36, 1 February 2007 (UTC)
10 minutes, or even two minutes is for a novice without much experience. I have cracked 64 WEP as part of a security demo in under a minute and a half. —Preceding unsigned comment added by 220.127.116.11 (talk) 22:44, 31 August 2009 (UTC)
Paper preceding Fluhrer/Martin/Shamir
The article doesn't mention the paper Unsafe at any key size; An analysis of the WEP encapsulation submitted to the IEEE 802.11 working group (?) by Jesse Walker. The paper seems to predate the Fluhrer/Martin/Shamir attack (Oct 2000 vs. 2001) and claims to describe easily implemented, practical attacks against WEP that succeed regardless of the key size or the cipher. Can anybody familiar with this literature judge the merits of this? Grr82 (talk) 05:00, 4 September 2009 (UTC)
Although it may be true, it doesn't look appropriate to begin the article with a statement about WEP's inadequacies. The page is written as though the author has a particular dislike of the subject, and should be presented with a more matter-of-fact tone. 18.104.22.168 (talk) 06:42, 7 August 2010 (UTC)
I don't find the article to be not-neutral. It begins with a statement of facts - that WEP is a deprecated standard, and that it is susceptible to eavesdropping. These are both widely-accepted facts that are essential characteristics of WEP. How is this not neutral? Would it be wrong to start an article on Whale Oil by saying it was a popular source of fuel that is no longer used because it involved killing endangered species? I would like to remove the question about balance / neutrality. Does anyone disagree? Ericcoll (talk) 22:21, 25 January 2011 (UTC)
I thought exactly the same as the original user above. OBVIOUSLY the 'Flaws' of WEP need to be discussed but I'm not sure the opening paragraph is the place to do it: Wikipedia covers many other, far less secure, methods of 'encryption' (ROT13, Caesar Cipher) without taking shots at the algorythms' insecurities. Notably, in the latter example, the "Breaking the Cipher" section (analogus to the WEP article's "Flaws" section) is brought up toward the end of the article. Basically, I think we all agree that Wikipedia should be about facts about the algorythm's design, working and intention, not focussing on the problems and weaknesses of WEP. To put it another way, any encryoption algoryhm (with the exception of a OTP) may be vulnerable to attacks we hadn't considered: vulnerability has to be a different section from content. Apropos to which, I've rewritten the opening paragraphs to be more neutral while still leaving factual material present, e.g. that the algorythm is officially deprecated. --Christopher (talk) 03:02, 10 March 2011 (UTC)
- Generally agreed, especuially with the more harsh criticisms you removed. But I restored some of the detail about being superseded by WPA and the IEEE referring to it is deprecated. Seems germane. --Errant (chat!) 09:51, 10 March 2011 (UTC)
- I think you're right there (possibly I went a bit far in redacting). I'm glad the relevant detail isn't in the first paragraph anymore, save for the word 'deprecated'. --Christopher (talk) 11:22, 10 March 2011 (UTC)
I think the alternative name(s) need to be clarified. I have always known this as WEP with properly knowing what the name actually is. However I have seen/heard "wired" and "wireless" both used for the "W", seen/heard both "equivalent" and "encryption" used for the "E", and only seen "protocol" for the "P" (until I found this article). Perhaps a section on this should be added listing the other seven combinations:
- Wired Equivalent Protocol
- Wired Encryption Privacy
- Wired Encryption Protocol
- Wireless Equivalent Privacy
- Wireless Equivalent Protocol
- Wireless Encryption Privacy
- Wireless Encryption Protocol
Usage by Nintendo
Is it worth mentioning Nintendo's use of WEP for Nintendo Wi-Fi Connection? The newer Nintendo DSi can connect to the internet using WPA security, but the older Nintendo DS and many games even on the DSi require use of WEP. The recently released Pokemon Black and White games require WEP-based security in order to enable the "mystery gift" that can be downloaded to the game. From the Nintendo support page -- "Nintendo DS games with online play still require the use of WEP or no security to connect with the Nintendo WFC."
Use of the word buddy
"The access point can then be used to decrypt these packets and relay them on to a buddy on the Internet, allowing real-time decryption of WEP traffic within a minute of eavesdropping the first packet."