• Div0 Blog Editor

WEP (In)Security

In cryptography, it is a bad practice to use the same encryption key to encrypt every single packets/data. If Eve the eavesdropper has a copy of the encryption key used between Alice and Bob, although she’s unauthorised to read things not sent to her, she will be able to read all packets/data communicated between Alice and Bob.

WEP IV (Initialisation Vector) Security Flaw

Based on this diagram:

  1. A plaintext that is going to be encrypted will be going through an Integrity Check Algorithm to produce an ICV which is sent with the packet to ensure the packet has not been altered with.

  2. The Secret Key (Encryption Key) will go through a pseudorandom number generator to make a key sequence which has the same length as the plaintext. It then uses a 24-bit IV as part of the secret key.

  3. Lastly, the plaintext with ICV is encrypted by Bitwise XOR Process with the key sequence created in step 2 to create ciphertext.

The vulnerability is in the IV — The 24-bit IV is equivalent to a total number of 2^24 useable IV. Although 16,777,216 seems a lot, IV is reused in a matter of 2-3 hours. Reusing IV is as good as reusing a password — You can calculate the encryption key through statistical attacks.

It is not a good idea to use WEP if better encryption standards are available.

Cracking WEP

With the limited number of IV, by listening to the Wi-Fi frequency channel and collecting enough packets, you can statistically calculate the encryption key through a suite of tools provided by the AirCrack suite.

Do Note
  1. Injection of packets might not work on all Wi-Fi cards as only certain chipset are supported.

  2. Do not hack into other’s network or risk being prosecuted under the Computer Misuse Act.


Max Chee.

9 views0 comments