4 Problems with WEP
1) WEP uses 40-bit encryption keys. These keys can be cracked ridiculously fast. A lot of people don’t change the keys regularly either..
2) WEP authentication protocol relies on DNS. This means that it’s prone to MITM attacks. Speaking of attacks, Networks using WEP keys are vulnerable to: -Active/Passive attacks to decrypt traffic. -Active attacks to inject new traffic from unauthorized mobile stations. -Dictionary-building attacks.
3) The initialization vector in WEP is a 24-bit field, which is sent as the cleartext part of a message. This guarantees the reuse of the same key stream. On a busy access point that sends [1500 byte packets @ 10Mbps], after about 5 hours, the same key stream will be reused and so, this allows an attacker to collect two ciphertexts that are encrypted with the same key stream and perform statistical attacks to recover the plaintext.
4) Here’s a simple one: Having a WEP key ‘protecting’ your network creates a false sense of security... thus clients may send sensitive data over this network.













