Contact:[email protected]
There are 3 major problems with WEP (which stands for "Wired Equivalanet Privacy," BTW. I will list them in order of increasing severity. 1) Key distribution. If you aren't the only person on the network, getting the key out to other people is a non-trivial task and can be the weakest link. 2) 40-bit - the standard WEP keysize is completely insufficient and can be cracked in relatively no time. 128bit versions of the hardware are available, however, so this is an improvement. 3) This is the biggie - the WEP authentication protocol relies on DNS and is therefore prone to massive man-in-the-middle attacks. There is a paper by Jesse Walker called "Wireless LANs Unsafe at Any Key Size; and analysis of the WEP encapsulation" that I encourage everyone to read. WEP is especially dangerous because it establishes a false sense of security that cause people to be more willing to send sensitive data over the network. You still need to use some other encryption method on to of WEP - even at best it gives the privacy of a standard ethernet LAN. Other technologies are under development to improve the state of wireless security, such as the IEEE 802.11 Task Group E, which is trying to develop an authentication scheme suitable for 802.11 wireless networks, or the IEEE 802.1x protocol which will do similar things at a more generic level. There is no existing good solution to the wireless problem (PPPoE hacks aside). -Alison http://www.andrew.cmu.edu/~alison/ Back to the Index