WEPWedgie

By | June 5, 2006

The original 802.11 protection standard was known as WEP. This scheme has two parts: one for privacy of data through encryption, and another for the authentication of users. In the case of the privacy part of WEP, it was quickly learned that the algorithm used to encrypt the data (RC4) was not properly implemented, which created a statistical situation where the shared key was exposed over time. Most experienced computer users are aware of this flaw, which is covered in great detail in the article Cracking WEP.

As previously mentioned, WEP was also supposed to provide a means for authenticating users before they could connect to the wireless network. This was implemented via a scheme called Shared Key system that verified a user was allowed to connect via a shared password. Unfortunately, the authentication process was also found to be flawed, and subsequently a tool was created called WEPWedgie that demonstrated just how dangerous it was to use Shared Key authentication. This section will look at the underlying flaw and how it is abused so you can see for yourself why open authentication is the only safe option.Read Full Story

Leave a Reply