Problems with WEP

Unfortunately, the WEP specification within the 802.11 standard does not provide wired-equivalent privacy. There are many problems with WEP that greatly reduce its advertised security.

Key Management

The WEP standard completely ignores the issue of key management. This causes problems with WLANs as the number of users grows. Using pre-shared secret keys means that every client who has the key material must be fully trusted to use that material in a legitimate way. This level of trust is not realistic. If everyone on a network uses the same key, then anyone on the network can decrypt traffic intended for any other device on the network. Also, an uneducated but otherwise trustworthy user may give the key material to another person (e.g., a friend or business associate who has stopped by the office). This new user is outside the initial trusted group of individuals who were issued the key material and could potentially compromise the network.

As the number of WLAN users grows and time passes, the amount of trust placed in the secrecy of the key declines. In order to overcome this reduced trust, keys must be rotated periodically to reset the network to a trusted level. WEP provides key enumeration to allow users and administrators to rotate through a set of pre-shared keys. However, this does not drastically increase the security of the network. Instead of one key being issued to users, several keys are issued at one time. All keys are still known by the users.

Vendors are beginning to implement a per-user shared key so that each end-user device has a unique key that is shared with the access point. This protects each user from the other users on the network. By giving away their key to a friend, the only traffic they compromise is their own.

Encryption Issues

The IEEE selected 40-bit encryption because it is exportable under most national encryption laws. If the standard had only implemented 104-bit encryption, many vendors would not have been able to ship their WLAN products to other countries. Unfortunately, keys for 40-bit RC4 encryption can be found through exhaustive searching (brute force) on modern commodity PCs. A 40-bit key has just over a trillion possible values. A modern PC can search that range to find the secret key in a matter of an hour or two.

Scott Fluhrer, Itsik Mantin, and Adi Shamir released “Weaknesses in the Key Scheduling Algorithm of RC4.” The paper can be found at http://www.crypto.com/papers/others/rc4_ksaproc.ps. In the paper, the team described a weakness in RC4 as it is implemented in the WEP protocol. The issue is not with RC4, but with the way it is used by WEP. The end result is that WEP can be cracked if enough traffic can be intercepted. Also, as the key length grows, the time the attack takes grows only linearly. Normally, as an encryption key grows, the time to break the key increases exponentially. An exponential increase would cause a key with 41 bits to take twice as long as a 40-bit key. In WEP, you need to increase the key size from 40 to 80 bits to double the time it takes to find the key. This means that a 104-bit WEP key provides no significant practical advantage over a 40-bit key. There are several freely available tools to crack WEP keys, including AirSnort, which can be downloaded from http://airsnort.shmoo.com/.

Several vendors have implemented the IV in a manner that reduces the security of WEP even further. Some vendor implementations of WEP never rotate the IV. The same IV is used for all packets sent from the client for the lifetime of the association. Other vendors rotate the IV in a predictable fashion. This allows for even faster cryptanalytic attacks.
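Why a static IV is so damaging can be seen in a few lines. The following is an added example, not code from the book: it models WEP encapsulation (RC4 keyed with IV || secret, applied to payload || CRC-32 ICV), shows that two frames sent under the same IV share a keystream, and includes a hypothetical `audit_ivs` helper for classifying the IV behaviour of one station in a capture. The key, IV, and payloads are constructed, and treating the IV as a big-endian counter is an assumption.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """WEP body: RC4(IV || secret) XOR (payload || ICV). The IV itself is sent in the clear."""
    data = payload + zlib.crc32(payload).to_bytes(4, "little")
    return xor(data, rc4(iv + secret, len(data)))

def audit_ivs(ivs) -> str:
    """Classify the 24-bit IVs seen from one station: static, sequential, or other."""
    nums = [int.from_bytes(iv, "big") for iv in ivs]   # assumption: big-endian counter
    if len(set(nums)) == 1:
        return "static"
    if all((b - a) % (1 << 24) == 1 for a, b in zip(nums, nums[1:])):
        return "sequential"
    return "other"

SECRET = bytes.fromhex("0102030405")          # constructed 40-bit key
IV = bytes.fromhex("a1b2c3")                  # constructed IV that is never rotated
P1, P2 = b"GET /index.html ", b"POST /login.cgi "   # constructed payloads
C1, C2 = wep_encrypt(IV, SECRET, P1), wep_encrypt(IV, SECRET, P2)

def keystream_cancels() -> bool:
    """With a repeated IV, C1 XOR C2 equals P1 XOR P2: the key drops out entirely."""
    return xor(C1[:16], C2[:16]) == xor(P1, P2)
```

Because the keystream cancels, the secrecy of every frame sent under a repeated IV depends on no other frame's plaintext being known or guessable, regardless of key length.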

WEP has suffered from key management problems, implementation errors, and overall weakness in the encryption mechanism. WEP may raise the bar for an attacker but provides no real security from a determined attacker. Regardless of the name, WLANs that use WEP should not be trusted in the same way that wired networks are.
