German security researchers: WEP is not secure enough

German security researchers: WEP is not secure enough

WEP as per Wikipedia is: Wired Equivalent Privacy (WEP) is a scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping.

Now, three German security researchers have said in a report that consumers should not rely on this protocol to protect sensitive material considering they have now found a faster way to crack it.

They also demonstrated their way to crack WEP at a security conference in Hamburg this weekend. In fact, it has been known since 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed.

The researchers said that it now takes just around 3 seconds to extract a 104-bit WEP key from intercepted data using a 1.7GHz Pentium M processor. Erik Tews, a researcher in the computer science department at Darmstadt University of Technology in Darmstadt added: “We think this can even be done with some PDAs or mobile phones, if they are equipped with wireless LAN hardware.”

Tews added: “Depending on your skills, it will cost you some minutes to some hours to switch your network to WPA. If it would cost you more than some hours of work if such private data becomes public, then you should not use WEP anymore.”