WEP

I got got one question for WEP. Why does it uses 24-bit IV to prepend with 40 or 104-bit key? Why not a bit higher, which suppose to be more secure? If it is because of the design, why did they choose 24-bit?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

RussS

hmmm - why is an orange round?

Seriously I would think that perhaps they were taking into account the computational abilities of things like older machines and PDAs. I think that with a little research you will find an appropriate answer.

JDMurray

wrathrow11 wrote:

I got got one question for WEP. Why does it uses 24-bit IV to prepend with 40 or 104-bit key? Why not a bit higher, which suppose to be more secure? If it is because of the design, why did they choose 24-bit?

The smaller value was probably considered a good balance between an easily crunchable encryption scheme for smaller processors and a reasonably secure WLAN.

The TKIP (Temporal Key Integrity Protocol) in WPA uses a 48-bit IV (Initialization Vector) as one the enhancements to the WEP encryption engine. It seems the 24-bit IV in WEP didn't do much to make a WLAN secure, as evidence from the AirSnort (airsnort.shmoo.com) and WEPcrack (wepcrack.sourceforge.net) programs.

Remeber that WEP is suppose to give an 802.11 network the equivalent privacy of an 802.3 network--which is not inherently secure in the first place. When you think about it, encryption is the only real security applicable to bits flying through the air.