Wired Equivalent Privacy

Wired Equivalent Privacy (WEP) is an obsolete, severely flawed security algorithm for 802.11 wireless networks. Introduced as part of the original IEEE 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.^[1] WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely used, and was often the first security choice presented to users by router configuration tools.^[2]^[3]

Subsequent to a 2001 disclosure of a severe design flaw in the algorithm,^[4] WEP was never again secure in practice. In the vast majority of cases, Wi-Fi hardware devices relying on WEP security could not be upgraded to secure operation. Some of the design flaws were addressed in WEP2, but WEP2 also proved insecure, and another generation of hardware could not be upgraded to secure operation.

In 2003, the Wi-Fi Alliance announced that WEP and WEP2 had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104 have been deprecated.^[5] WPA retained some design characteristics of WEP that remained problematic.

WEP was the only encryption protocol available to 802.11a and 802.11b devices built before the WPA standard, which was available for 802.11g devices. However, some 802.11b devices were later provided with firmware or software updates to enable WPA, and newer devices had it built in.^[6]

^ IEEE Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. IEEE STD 802.11-1997. November 1997. pp. 1–445. doi:10.1109/IEEESTD.1997.85951. ISBN 1-55937-935-9.
^ Andrea Bittau; Mark Handley; Joshua Lackey. The Final Nail in WEP's Coffin (PDF). 2006 IEEE Symposium on Security and Privacy. doi:10.1109/SP.2006.40. Archived (PDF) from the original on 2008-10-31. Retrieved 2008-03-16.
^ "Wireless Adoption Leaps Ahead, Advanced Encryption Gains Ground in the Post-WEP Era" (Press release). RSA Security. 2007-06-14. Archived from the original on 2008-02-02. Retrieved 2007-12-28.
^ Fluhrer, Scott; Mantin, Itsik; Shamir, Adi (2001). "Weaknesses in the Key Scheduling Algorithm of RC4" (PDF).
^ "What is a WEP key?". Archived from the original on April 17, 2008. Retrieved 2008-03-11.
^ "SolutionBase: 802.11g vs. 802.11b". techrepublic.com. 19 August 2004.

[802.11-1997-1] IEEE Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. IEEE STD 802.11-1997. November 1997. pp. 1–445. doi:10.1109/IEEESTD.1997.85951. ISBN 1-55937-935-9.

[Final_Nail-2] Andrea Bittau; Mark Handley; Joshua Lackey. The Final Nail in WEP's Coffin (PDF). 2006 IEEE Symposium on Security and Privacy. doi:10.1109/SP.2006.40. Archived (PDF) from the original on 2008-10-31. Retrieved 2008-03-16.

[3] "Wireless Adoption Leaps Ahead, Advanced Encryption Gains Ground in the Post-WEP Era" (Press release). RSA Security. 2007-06-14. Archived from the original on 2008-02-02. Retrieved 2007-12-28.

[1stfatalflaw-4] Fluhrer, Scott; Mantin, Itsik; Shamir, Adi (2001). "Weaknesses in the Key Scheduling Algorithm of RC4" (PDF).

[5] "What is a WEP key?". Archived from the original on April 17, 2008. Retrieved 2008-03-11.

[6] "SolutionBase: 802.11g vs. 802.11b". techrepublic.com. 19 August 2004.

[1]

[2]

[3]

[4]

[5]

[6]