Why are WEP and RC4 bad for security?

112 views

Why are WEP and RC4 bad for security?

In: 3

6 Answers

Anonymous 0 Comments

WEP and it’s underlying RC4 have been known to be broken for a very long time now.

In other words, it’s possible to retrieve the original passphrase from as little as a few seconds of data captured from the network by using commonly available software tools

Anonymous 0 Comments

Encryption involves using math to make something hard to figure out, but if you know the right math, you can essentially prove to the encryption that you are allowed to see what it’s guarding. This is important for later.

The encryption of WEP is weak. it used to be good in the 90s when it was new, however vulnerabilities have since been found, as well as the fact that computer power has increased, meaning modern computers can exhaust all of the options of math within a reasonable amount of time to find what the encryption is looking for.

Think of a door lock. WEP is like a lock with 2 cheap pins. You can either put in the key and turn it, or you can hit the lock kinda hard while turning the handle and it’ll pop open.

More modern encryption options use longer keys, “more pins in the lock” if you will, as well as just better made locks aka better designed encryption algorithms that are harder to break open.

Anonymous 0 Comments

WEP and RC4 were good once because computers were not very fast back in the day. Now computers are insanely fast and the WEP encryption is not strong enough against the cracking speeds anymore.

Anonymous 0 Comments

explained like you’re 5:

you and you friends have a secret code to get into your club house. the code is easy to guess, so people other than you and your friends can get in.

Anonymous 0 Comments

RC4 was designed to be a very fast encryption algorithm. This is very important because you want to be able to encrypt data without any loss in latency or transfer rate. For a lot of applications it is either this or no encryption. However RC4 was designed in 1987 for the computer available at that time. So even back in the late 90s we figured out that it was too simple. It was not just the speed of the computers which meant you could brute force it but the algorithm was just too simple and you could undo some of the calculations to find part of the input using just the output.

The problem was that the RC4 algorithm was perfect for the computer revolution in the 90s with lots of smaller home computers being sold and connected to the Internet. These computers were about as powerful as the big military computers that did real time encryption in the 80s so the RC4 algorithm was perfect for the Internet. Users could get full Internet speeds encrypted without even hogging the computer down. So RC4 became the standard for consumer electronics.

The problem with standards is that they are hard to change. New technology needs to be compatible with the old technology. So everything had to have support for RC4 to talk to old technology. Some people even preferred RC4 over more secure algorithms because of its speed.

When wireless encryption protocols like WEP was designed people did not even consider anything but RC4 due to the potential high bandwidth and the small size of the wireless routers and interfaces. So they made RC4 not only the default but the only encryption algorithm allowed. They did not see a need to allow for anything else.

Fast forward to about 2015 and we have found enough problems with the RC4 algorithm and have fast enough hardware to not only do line speed encryption and decryption but to do so without even knowing the secret key. So basically anyone with a modern computer could read any RC4 encrypted data stream as if it was not even encrypted, and people did.

It is also worth mentioning that there are strong suspicion that RC4 was intentionally made bad. It was developed by the US military in the 80s to encrypt traffic between radars, command centers, ballistic missile silos, anti-air rocket platforms, jet fighters and even missiles and rockets themselves. This is why it needed to be so fast. But there was a concern that the algorithm would fall into Soviet hands and that they would start using it themselves. So in addition to the requirement of being very fast it might also have had to be easily cracked for those who knew the weakness. There are some evidence of this but as far as I know this have not been confirmed yet.

Anonymous 0 Comments

WEP and RC4 are bad for security because they are old and outdated. They are not as effective as newer methods, such as WPA2.