WEP-Open more secure than WEP-Shared? Who knew?
If you have ever set up security on a wireless network, then you have probably heard the term "WEP" before. While WEP has weaknesses that make it easily crackable by a sophisticated hacker, I did learn something new this weekend from my IM with Matthew, our Development Manager.
When configuring a WEP key in your router, there are two options you can choose: “Shared” or “Open”. At first glance, without knowing anything about the nuances of the technology, one might think that “Shared” sounds better than “Open”. “Open” suggests that it’s not especially secure and anyone can get in. “Shared” sounds safer - like you tell everyone what your key is ahead of time. Naturally, I assumed that Shared was more secure.
How wrong I was! Read on and I'll tell you why...
It turns out that WEP-Shared has a weakness in its authentication challenge. The way I understand it to work is something like this:
- your laptop associates with the Access Point
- the Access Point sends your laptop some 'challenge text' in clear-text
- the laptop encrypts the challenge-text using the WEP key and sends it back
- if the Access Point sees the data is encrypted with the same key, the handshake succeeds and things move along...
What's so bad about this? Well, because the ‘challenge-text’ is passed in the clear, and the encrypted response to the challenge is also passed in the clear, a hacker who could see this request happen could use it to perform an offline dictionary attack on the data to find your key.
This is a big leg-up on hacking your network.
The open authentication option doesn’t have this challenge request, so it’s a little harder to crack (but still very crackable).
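The shared-key exchange described above, simulated as an added example (not code from the original post), to show why the captured challenge and response are enough to test a key guess offline. It is simplified to encrypt only the challenge text rather than the full 802.11 frame body; the key, IV and function names are constructed for illustration.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def station_response(wep_key: bytes, challenge: bytes, iv: bytes):
    """Station side: WEP-encrypt the challenge (payload + CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(challenge))
    return iv, rc4(iv + wep_key, challenge + icv)  # the IV travels unencrypted

def key_matches(candidate: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Decrypt the response with a candidate key and compare to the challenge.
    The AP runs this with the real key; the only other inputs are values
    that crossed the air where anyone in range can record them."""
    plain = rc4(iv + candidate, response)
    body, icv = plain[:-4], plain[-4:]
    return body == challenge and icv == struct.pack("<I", zlib.crc32(body))

def simulate_handshake():
    wep_key = bytes.fromhex("0a1b2c3d4e")   # constructed 40-bit key
    challenge = os.urandom(128)             # AP -> station, clear text
    iv, response = station_response(wep_key, challenge, os.urandom(3))
    ap_accepts = key_matches(wep_key, challenge, iv, response)
    # A passive listener holds (challenge, iv, response) and can run the same
    # test offline against any guess, with no further traffic to the AP.
    wrong_guess = key_matches(bytes.fromhex("0000000000"), challenge, iv, response)
    return ap_accepts, wrong_guess

if __name__ == "__main__":
    print(simulate_handshake())
```

With Open authentication there is no challenge frame, so the handshake itself does not hand an observer this ready-made plaintext/ciphertext pair.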