WEP vs. WPA security

frankyk

I hear that WEP is not secure at all and it can be cracked pretty easily, is this true?

I'm currently running WPA on my network, but my dad's laptop has a pc card for his laptop that only supports WEP, I dunno what to do since I don't want to kill the security of my network by going to WEP if WEP is pretty bad. What do you guys think?
 
frankyk said:
I hear that WEP is not secure at all and it can be cracked pretty easily, is this true?

I'm currently running WPA on my network, but my dad's laptop has a pc card for his laptop that only supports WEP, I dunno what to do since I don't want to kill the security of my network by going to WEP if WEP is pretty bad. What do you guys think?

Search the forum, this has been discussed over and over. Short version, WEP is similar to putting a sign on your door asking people not to open the door.
 
WEP is better than nothing at all, since very few people would bother a WEP enabled WLAN when generally speaking there will be many others nearby that aren't secured at all. But for someone with the desire and tools it's pretty easy to bypass. There are, I believe, APs that support both encryption techniques at the same time. Now what this would do to latency for both packet streams I couldn't say. The overhead of the AP processor would be impacted. Just don't know how much. If security is an issue then replace your Dad's card. Either mini PCI, PC card or USB client devices are pretty cheap. Very cheap if you consider what is at stake if the security in place is breached.
 
ktwebb said:
WEP is better than nothing at all, since very few people would bother a WEP enabled WLAN when generally speaking there will be many others nearby that aren't secured at all. But for someone with the desire and tools it's pretty easy to bypass.

'Zactly. Better than nothing.

This is a home too right? What environment is around the OPs home? This a house? Apartment/Condo complex?

People say "Yeah..WEP can get cracked in minutes". Ever read how it's done? Takes a bit of sit down work.

If you're that worried about it..replace the PC card with a G card...they're so cheap these days.
 
YeOldeStonecat said:
If you're that worried about it..replace the PC card with a G card...they're so cheap these days.

No YeOldeStonecat, we need to have a long drawn out argument about the differences between the methods of encryption first. You can't just jump to the most logical and helpful bit of information. Dear gods man, this is the Internet...


:)
 
yeah, it's definitely *not* a couple of minutes to crack... but i tell people "if you have a web browser, google, and can read... you can crack WEP encryption".

it's basically trivial, i would say it's time to upgrade your dad's card to one that supports what the rest of your network runs.
 
Sharaz Jek said:
yeah, it's definitely *not* a couple of minutes to crack...

With the right tools by someone who's done it a couple of times with a weak password it can be quick. Most people will take upwards of 30-45 minutes the first time they try it.
 
my dad lives in a house, it's a pcmcia card (or whatever the acronym is).

he uses win 2000 and it's some ghetto asus card that only supports WEP, no chance to make it support WPA? i read that it does support WPA somehow, but don't know how to enable it, perhaps that was false advertising.
 
frankyk said:
my dad lives in a house, it's a pcmcia card (or whatever the acronym is).

he uses win 2000 and it's some ghetto asus card that only supports WEP, no chance to make it support WPA? i read that it does support WPA somehow, but don't know how to enable it, perhaps that was false advertising.

Check on the asus website to see if they have updated drivers for the card.
 
WEP is kinda like door locks. They keep honest people honest.

A standard door lock on your typical house or shop isn't tough to crack.

If you're worried about security, WEP ain't it, but it's better than nothing. With nothing, clients tend to connect to the strongest available signal. Without some security, your neighbor might not ever notice that he's on your wireless and paying his ISP bill for nothing.
 
I've seen WEP broken -- at a site I set up for someone I know. I'd set it up with the highest level of WEP available and SSID hiding, and noticed a foreign address connected to it sometime later.

Since then I don't deploy WEP if at all possible, and even encourage upgrading to newer hardware when necessary, and setting up WPA with a long randomized key.
 
Let me put it to you this way, wireless is a risk and you and your dad need to decide what level of risk you're willing to accept.

WEP will keep out the curious, but the riff-raff that would wish to do him harm or other illegal acts will be able to bypass WEP in minutes. Yes, minutes. Depending on the traffic loads, processing power, and their skill level it can be as fast as 2 minutes.

WPA is better, but it's not the be-all, end-all to wireless security. To a skilled intruder WPA is only marginally better.

WPA2 is good enough to a lot of people because it can be a bitch to crack.

WPA2 plus layer 2 & 3 authentication mechanisms are the next logical step in protecting a network.

After that we get into PKI and some funky tools that can be a right PITA to set up.
 
For those that say nothing is better than WEP or WEP is the same as no security, have any of you even cracked the WEP security measure? I think over time, after listening to so many stating that WEP sucks, you're right. WEP CAN be cracked, but so can WAP or WAP2. If someone REALLY wants to break into your network and they have the know-how or desire, they would break in regardless of the types of security measures you put up. For most that are just looking to hop onto your network just so they can get online, they're not gonna bother hacking in and just look for one that's unsecured. I only use WAP2 just because it gives me some peace of mind, not because I think it's foolproof. So for those of you that say WEP is so easily hacked, how many do and how many don't? Bottom line, WEP is safe enough to use because it IS better than nothing at all.
 
Outrigger said:
Bottom line, WEP is safe enough to use because it IS better than nothing at all.

If it was really safe enough, then you should back this up by running it yourself. Why bother buying devices supporting WPA2 / downloading such drives / etc., if WEP's good enough?

I'd also like to see demonstrations of WPA and WPA2 cracking when 63-character randomized keys are used.
 
BobSutan said:
The last time I tried setting that up at home, radius made me its bitch. :p
Never did get it working either.
I plan on using IAS instead... :eek:
 
Outrigger said:
For those that say nothing is better than WEP or WEP is the same as no security, have any of you even cracked the WEP security measure?

Yes.

What again was your point? Because it reads like it doesn't matter if a security system doesn't actually work as long as it makes you feel good.
 
Malk-a-mite said:
Yes.

What again was your point? Because it reads like it doesn't matter if a security system doesn't actually work as long as it makes you feel good.

Same. Just because you haven't cracked WEP doesn't mean others can't or won't.
 
BobSutan said:
The last time I tried setting that up at home, radius made me its bitch. :p
Glad to hear I'm not the only one. I gotta take some time to set up free radius.
 
i used the highest available with my hardware, which is WPA2+PSK or something like that, wasn't hard to set up at all

but it's likely overkill, mostly just methheads with mullets riding by my house in camaros to go to wally world to get some cheetos and walmart shotguns
 
I use WPA on my network (usb wireless key is limited and I will upgrade when i get money) but I feel secure since my router picked not less than 7 wireless networks around my house and everyone is either using WEP or WPA. Chances of someone targeting me are very small compared to those who use WEP.

My opinion is that WEP/WPA keys are like door locks. Even if you spend $500 on the best lock, it will be useless if someone can use a brick and break a window to enter. But you still feel safe because the vast majority won't try to enter your house... It's an "honor" and "respect" thing with the neighbor. Same for the wireless networks and if someone respects the privacy, they won't bother with them.
 
What about enabling MAC address filtering? Does that help with securing your home network? Right now, that's all I have enabled, no WEP or WPA.
 
bubsie said:
What about enabling MAC address filtering? Does that help with securing your home network? Right now, that's all I have enabled, no WEP or WPA.

Without any encryption your information is in the clear, so it's a simple matter to watch the data, pick out a valid MAC address and clone your device to match. Like that... anyone has access to your network and your data.
 
Unfortunately, it's all too easy to get into systems these days. I've got a CEH (Certified Ethical Hacker, seriously) cert now - and man that was easy to get. But even before I started being interested in having that cert just for shits and giggles, I've been part of the Auditor/BackTrack project from Remote-Exploit.org since its inception.

With an 11bg wireless card, my BackTrack 2.0 CD, and well under 30 minutes, I can get into most any wireless network that doesn't use the aforementioned Radius setup. WEP? Hot knife through butter. WPA? Hot knife through a buttered bagel, a little tougher. WPA2? Like eating a steak with that same knife. MAC filtering? Irrelevant since every packet is tagged with a MAC - encryption doesn't help there.

There is no practical security that can protect your data if you use a wireless connection and someone wants it. Not everyone has access to Radius-enabled hardware, hence the practical security meaning most everyone has WEP/WPA/WPA2 and, for the "wily hacker," it's not protection at all.

The best rule of thumb is: use what you've got and be done with it. If you want better security, stop using wireless, period.
 
boy i sure hope no one hacks my wep network and gets into all my priceless WoW game files. Or my kids cartoon network internet links, I'm not sure what I would do.

/sarcasm off


d.
 
bbz_Ghost said:
Unfortunately, it's all too easy to get into systems these days. I've got a CEH (Certified Ethical Hacker, seriously) cert now - and man that was easy to get. But even before I started being interested in having that cert just for shits and giggles, I've been part of the Auditor/BackTrack project from Remote-Exploit.org since its inception.

With an 11bg wireless card, my BackTrack 2.0 CD, and well under 30 minutes, I can get into most any wireless network that doesn't use the aforementioned Radius setup. WEP? Hot knife through butter. WPA? Hot knife through a buttered bagel, a little tougher. WPA2? Like eating a steak with that same knife. MAC filtering? Irrelevant since every packet is tagged with a MAC - encryption doesn't help there.

There is no practical security that can protect your data if you use a wireless connection and someone wants it. Not everyone has access to Radius-enabled hardware, hence the practical security meaning most everyone has WEP/WPA/WPA2 and, for the "wily hacker," it's not protection at all.

The best rule of thumb is: use what you've got and be done with it. If you want better security, stop using wireless, period.

Unless if someone uses "1234" (or equivalent) for their PSK on WPA/WPA2, you're not getting in, period.
 
dmize said:
boy i sure hope no one hacks my wep network and gets into all my priceless WoW game files. Or my kids cartoon network internet links, I'm not sure what I would do.

/sarcasm off


d.

Or transfers kiddie porn and the FBI shows up at your house, arrests you, confiscates your computer gear, and you lose your job, house, etc because someone popped your wireless.
 
Moofasa~ said:
Unless if someone uses "1234" (or equivalent) for their PSK on WPA/WPA2, you're not getting in, period.

It doesn't matter what they use for a key since the process works by forced deauthorization which causes the AP to disconnect/drop the client(s) and during the reconnect that's when the relevant data is captured, regardless of what the PSK is. All this is covered in multiple documents online, websites, and a lot of printed materials nowadays.

In a lot of respects, it can take less time to get into a WPA/WPA2 system than WEP.
 
BobSutan said:
Or transfers kiddie porn and the FBI shows up at your house, arrests you, confiscates your computer gear, and you lose your job, house, etc because someone popped your wireless.


wonder how often that happens...

d.
 
bbz_Ghost said:
Unfortunately, it's all too easy to get into systems these days. I've got a CEH (Certified Ethical Hacker, seriously) cert now - and man that was easy to get. But even before I started being interested in having that cert just for shits and giggles, I've been part of the Auditor/BackTrack project from Remote-Exploit.org since its inception.

With an 11bg wireless card, my BackTrack 2.0 CD, and well under 30 minutes, I can get into most any wireless network that doesn't use the aforementioned Radius setup. WEP? Hot knife through butter. WPA? Hot knife through a buttered bagel, a little tougher. WPA2? Like eating a steak with that same knife. MAC filtering? Irrelevant since every packet is tagged with a MAC - encryption doesn't help there.

There is no practical security that can protect your data if you use a wireless connection and someone wants it. Not everyone has access to Radius-enabled hardware, hence the practical security meaning most everyone has WEP/WPA/WPA2 and, for the "wily hacker," it's not protection at all.

The best rule of thumb is: use what you've got and be done with it. If you want better security, stop using wireless, period.

So why does radius make it that much harder?
 
dmize said:
wonder how often that happens...

d.
Tell ya what; Run an open access point and let us know how it turns out for you.

The RIAA isn't terribly interested in facts; so when they come knocking on your door with a warrant to take your hard drives because someone on your connection was downloading music, you'll be safe, right? Even if you don't have any questionable music on any of your drives at the time, the legal process alone could bankrupt most middle income families.
 
bbz_Ghost said:
It doesn't matter what they use for a key since the process works by forced deauthorization which causes the AP to disconnect/drop the client(s) and during the reconnect that's when the relevant data is captured, regardless of what the PSK is. All this is covered in multiple documents online, websites, and a lot of printed materials nowadays.

In a lot of respects, it can take less time to get into a WPA/WPA2 system than WEP.

No it's not. If you have a strong password, you will never crack it using that method. Yes your method works if their password is "1234", but if it's much more complex, the amount of time it would take to guess the correct password could take years.
 
After searching the Remote-Exploit.org site for way too long, it seems as though cracking WPA is only possible with a dictionary attack on possible passphrases. That sorta leaves out a few ba'trillion keys doesn't it? The only thing I found was cracking WPA is quote "slim to none."

Unless I missed something here, it seems as if a fully randomized key would not work with this method. Cracking weak passwords doesn't seem like much of a hack.

If that's incorrect.....
Throw me a bone.
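
Several posts above turn on how long and how random a WPA/WPA2 pre-shared key is. The sketch below is an added example, not part of any poster's message: it generates a 63-character random passphrase, derives the 256-bit PMK the way WPA-PSK does (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), and compares search-space sizes. The SSID and the guess rate are constructed, assumed values.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters (95 symbols).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
PMK_BITS = 256  # the derived key is 256 bits, which caps the useful entropy


def generate_passphrase(length=63):
    """Return a passphrase drawn uniformly at random from printable ASCII."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def effective_bits(length, alphabet_size):
    """Entropy of a uniformly random passphrase, capped at the PMK size."""
    return min(length * math.log2(alphabet_size), PMK_BITS)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate in a 2**bits search space."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ASSUMED_RATE = 100_000  # guesses per second; an assumption, not a measurement
    ssid = "ExampleHomeNet"  # constructed SSID; it salts the PMK
    key = generate_passphrase()
    print("passphrase:", key)
    print("PMK:", derive_pmk(key, ssid).hex())
    for label, n, alphabet in [("8 random lowercase letters", 8, 26),
                               ("63 random printable chars", 63, len(PRINTABLE))]:
        bits = effective_bits(n, alphabet)
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, ASSUMED_RATE):.3g} years to exhaust")
```

Because the SSID is the salt, the same passphrase yields a different PMK on a differently named network, so changing a default SSID also matters. A dictionary word has far less entropy than the random 8-letter case shown here.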
 
u guys are looking too deep into it, reverse engineer a bit and you realize it's still simple networking.

even on our broadcast wifi networks at work, we allow any device to connect, but if not provisioned only at 14.4. why? cause cracking it is too easy, if you don't allow a connection. with an auto connect, the repeating software that tries to crack the keys doesn't work, as it's designed for only rejections.

once again check the nat ip for the device, and put that into your card, the wep and wpa is for broadcast only. anything behind the broadcast is fair game and easily crackable.
 