Thursday, May 13, 2010

Unsecured Wifi and we - Part 2

Dear friends,

I promised you that some interesting topics on wifi would be forthcoming, so I decided to explain in Part 2, in an easy way, why WEP and WPA are unsecured. One of my team members, Mr. Sudipta Pal of Future Netwings, has tried to explain this before you in an easy and understandable manner. So please read it:

WEP - Wired Equivalent Privacy.

This is the most primitive wireless encryption technology. It uses static pre-shared keys (single or multiple). WEP has three versions: 64-bit, 128-bit and 256-bit.
A WEP key is formed by concatenating a pre-shared key with another quantity called the IV (Initialization Vector).
Standard 64-bit WEP uses a 40-bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key.
A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits of the key. 26 digits of four bits each gives 104 bits; adding the 24-bit IV produces the final 128-bit WEP key.
A 256-bit WEP system is available from some vendors. As with the 128-bit key system, 24 bits of that is for the IV, leaving 232 actual bits for protection. These 232 bits are typically entered as 58 hexadecimal characters: (58 × 4 = 232 bits) + 24 IV bits = 256-bit WEP key.
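As an added illustration (example code written for this post, not part of the original explanation), the helper below classifies a user-entered WEP key by the sizes listed above and computes, from the 24-bit IV space, how many frames it takes before an IV repeats under the same static key. The ASCII form (5, 13 or 29 characters, one byte each) is an assumption about what many client utilities accept, not something stated above.

```python
import math
import re

# From the WEP format described above: a 24-bit IV is prepended to the
# static pre-shared secret to form the per-frame RC4 traffic key.
IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs for one static key

# Secret-key sizes by hex-digit count: 10 -> 40 bits (WEP-40),
# 26 -> 104 bits (128-bit WEP), 58 -> 232 bits (vendor 256-bit WEP).
HEX_DIGITS_TO_NAME = {10: "WEP-40", 26: "WEP-104", 58: "WEP-232"}


def parse_wep_key(key: str) -> dict:
    """Classify a user-entered WEP key.

    Accepts the hex form (10/26/58 hex digits, as described above) or the
    ASCII form (5/13/29 printable characters, one byte each; assumed here).
    Returns the secret bits, the IV bits added per frame, the marketed
    total and the variant name.
    """
    s = key.strip()
    if re.fullmatch(r"[0-9A-Fa-f]+", s) and len(s) in HEX_DIGITS_TO_NAME:
        secret_bits = len(s) * 4   # each hex digit carries four bits
        raw = bytes.fromhex(s)
    elif len(s) * 2 in HEX_DIGITS_TO_NAME and s.isascii() and s.isprintable():
        secret_bits = len(s) * 8   # each ASCII character carries one byte
        raw = s.encode("ascii")
    else:
        raise ValueError("not a 40/104/232-bit WEP key in hex or ASCII form")
    return {
        "name": HEX_DIGITS_TO_NAME[secret_bits // 4],
        "secret_bits": secret_bits,
        "iv_bits": IV_BITS,
        "total_bits": secret_bits + IV_BITS,
        "secret_bytes": raw,
    }


def frames_until_iv_reuse(probability: float = 0.5) -> int:
    """Frames after which a randomly chosen 24-bit IV has repeated with the
    given probability (birthday bound). Because the secret part of the key
    never changes, a repeated IV means a repeated RC4 keystream, and a
    longer secret does nothing to enlarge the IV space.
    """
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - probability))))
```

The point a defender should take from it: a 256-bit WEP key still reuses a keystream after a few thousand frames, which is why the key length numbers above do not translate into real strength.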

Release time: 1997
Encryption: WEP
Authentication: Open (none) or Shared using the pre-shared, static WEP key.
Suitable for Corporate: No. WEP can be cracked in a few minutes. Please refer to for a video on this.
Suitable for Home/Small Business: No. A home should never use this because, if a criminal activity happens, the homeowner may not have the political muscle to fight the charges.
Suitable for Corporate: Corporates should never use WEP. However, if WEP must be used at all in order to support legacy wireless applications, one should implement technologies like EAP-TLS to compensate for the weaknesses of WEP. WEP alone is worse than not having any security at all, because it leads to a false sense of being secured.
Cracking time: A few minutes

WPA (Wireless Protected Access)

WPA is built upon WEP, making it more secure by adding extra security algorithms and mechanisms to fight intrusion. Perhaps the most important improvement over WEP is a dynamic security key exchange mechanism, along with much improved authentication and encryption mechanisms.
WPA is also better than WEP in its data encryption abilities. While WEP uses the same static security key for both encryption and decryption of all communication (the key never expires), WPA implements a mechanism involving a number of security keys. This is done through the so-called Temporal Key Integrity Protocol (TKIP). This is a revolutionary improvement because even if the intruder obtains one security key, he will not be able to use it for long. The system changes the security key used for data transmission after every specified amount of time to prevent cracking attempts.
When we talk about security keys, we implicitly talk about a working mechanism for those keys. The TKIP mechanism shares a starting key between devices, but each device then changes its encryption key for the ongoing communication.

WPA has two variants: WPA-PSK (Pre-Shared Key) and WPA-802.1x.

WPA-PSK uses a user-defined password to initialize TKIP, the Temporal Key Integrity Protocol. There is a password and the user is involved, which for the most part means it is flawed. TKIP itself is not really crackable, as it uses a per-packet key, but upon the initialization of TKIP, such as during an authentication, we get the password (well, the PMK anyway). A robust dictionary attack will take care of a lot of consumer passwords.

WPA-802.1x involves physical transfer of the key and encrypted channels; it requires one to implement authentication of the users based on Active Directory or other LDAP-based directories.

Release time: April 2003
Encryption: TKIP
Authentication: PSK or 802.1x
Suitable for Corporate: Maybe. WPA can be cracked, though it takes a much longer time compared to WEP. For corporates, WPA-802.1x needs to be implemented, with the authentication database residing in Active Directory or another LDAP directory. WPA-PSK is not recommended for corporate use.
Suitable for Home/Small Business: Since most homes/SMBs cannot afford a directory server, the only choice they will have is WPA-PSK. A home may opt for this since most security best practice guidelines consider it sufficient. The users in this case need to do MAC binding along with WPA-PSK.
Cracking time: 30 minutes to one hour if the PSK is based on dictionary words. It would take a few days if non-dictionary words are used. A brief guide may be accessed at:

I think you have enjoyed it.

Thanking you

Urpromlemmysolution Team
