A Blast From the Past: WEP - One of the Poorest Wi-fi standards ... Ever!

I used to love teaching wi-fi, especially in the teaching of electromagnetic wave and in outlining the disaster area that was WEP (Wireless Equivalent Protocol). Without a doubt, it was one of the sloppiest standards ever created and broke the rules on good practice on virtually every page. So if you wanted to show how not to design a protocol, then WEP was certainly in the Top 10.

RC4

Most encryption methods for protecting data streams are now mostly block-based (where we take either 64 bits or 128 bits at a time and then them. In the early days of wi-fi, block often required expensive hardware, thus stream were used (and which operated on one bit at a time). The method selected WEP was RC4 (Ron's Cipher 4), and which could be implemented fairly simply and with a varying encrypting key size. with we create a passphrase and then have some salt value (known as an Initialisation Vector - IV), and then we generate an infinitely long encryption key. This key is then EX-OR'ed with the bit stream, one bit at a time. You can try it here.

RC4 is fast and efficient, and we can have keys of different sizes. For example:

• Message=Hello, Key=0102030405 Keystream: b2 39 63 05 f0 3d c0 27 cc c3 52 4a 0a 11 18 a8 Try
• Message=Hello, Key=01020304050607 Keystream: 29 3f 02 d4 7f 37 c9 b6 33 f2 52 85 b4 6b Try
• Message=Hello, Key=0102030405060708 Keystream: 97 ab 8a 1b f0 b9 61 32 f2 f6 72 58 da 15 a8 Try
• Message=Hello, Key=0102030405060708090a Keystream: ed e3 b0 46 43 e5 86 cc 90 7d c2 18 51 70 99 02 Try
• Message=Hello, Key=0102030405060708090a0b0c0d0e0f10 Keystream: 9a c7 cc 9a 60 9d 1e f7 b2 93 28 99 cd e4 1b 97 Try
• Message=Hello, Key=0102030405060708090a0b0c0d0e0f10 1112131415161718 Keystream: 9a c7 cc 9a 60 9d 1e f7 b2 93 28 99 cd e4 1b 97 Try

In order to change the keystream, we normally add the salt (IV) onto the key and then generate the keystream.

WEP

With WEP, in order to produce the stream, we take the passphrase and then concatenate it with a 24-bit IV (Initialisation Vector), and take the RC4 value of it. We then EX-OR the output of this with the data to create the and send the , along with the IV vector. On the other receiver side, we use the passphrase (which is secret and shared on both sides) with the IV and generate the same key, and then simply EX-OR it with the received stream, and the text will be the same of the original data.

with WEP, we waited until the IV value came around again, we EXOR'ed the two streams:

(MESS1 ^ [Passphase + IV)) ^ (MESS2 ^ [Passphase + IV))

when we EXOR the same value together we nullify the EXOR'ing, so we get:

((MESS1 ^ MESS2)

so that the key (and IV) has disappeared, and we don't have the key anymore. The intruder would then just run some frequency and reveal the original messages.

WEP is thus the king of bad practice, where Intruders eventually got it down to a few hours (by sending lots of ARPs). It had a 24-bit IV value, thus it had 16,777,216, so if we send 1,000 packets a second, then it takes approximately 16,777 seconds to repeat, it will repeat in 279 minutes (or 4.66 hours).

Here are some examples:

• Message1 = "hello", Message2 = "hello", Key=" ". Try!. Result is 0000000000
• Message1 = "hello", Message2 = "hello", Key=" ". Try!. Result is 0000000000
• Message1 = "hello", Message2 = " ", Key=" ". Try!. Result is 0000001C00
• Message1 = "hello", Message2 = " ", Key=" ". Try!. Result is 0000001C00
• Message1 = "The boy", Message2 = "The car", Key=" ". Try!. Result is 00000000010E0B
• Message1 = "The boy", Message2 = "The car", Key=" ". Try!. Result is 00000000010E0B

WEP was one of the greatest disasters in cryptography and broke virtually every rule. As its core was the simple EX-OR'ing of the , using an IV and passphrase. Once the IV repeated, it was easy to determine the original messages. If you're interested, some of the problems of WEP

days, too, we could easily have attacked the passphrase with a dictionary attack or by brute force (anything up to eight characters is almost instantly cracked now if we use an arrange of GPUs). As we see the salt value, we basically just add that to our dictionary or brute force and give it a try.

Conclusions

WEP was retired, ungracefully, and replaced by WPA-2, which still used RC4, but where the IV was 48-bits (and where it was re-generated before it could come around again). The negotiation phase also introduced PBKDF2 as a hashing method to hide the password, and which is difficult to crack. It is still weak to short (or dictionary)-based passwords. Here is me cracking WPA-2 using a Raspberry PI and Kali: