WEP-Open more secure than WEP-Shared? Who knew?
If you have ever set up security on a wireless network, then you have probably heard the term "WEP" before. While WEP has weaknesses that make it easily crackable by a sophisticated hacker, I did learn something new this weekend from my IM with Matthew, our Development Manager.
When configuring a WEP key in your router, there are two options you can choose: “Shared” or “Open”. At first glance, without knowing anything about the nuances of the technology, one might think that “Shared” sounds better than “Open”. “Open” suggests that it’s not especially secure and anyone can get in. “Shared” sounds safer - like you tell everyone what your key is ahead of time. Naturally I assumed that Shared was more secure.
How wrong I was! Read on and I'll tell you why...
It turns out that WEP-Shared has a weakness in its authentication challenge. The way I understand it to work is something like this:
- your laptop associates with the Access Point
- the Access Point sends your laptop some 'challenge text' in clear-text
- the laptop encrypts the challenge-text using the WEP key and sends it back
- if the Access Point sees the data is encrypted with the same key, the handshake succeeds and things move along...
What's so bad about this? Well, because the ‘challenge-text’ is passed in the clear, and the encrypted response to the challenge is also passed in the clear, if a hacker could see this request happen, they could use it to perform an offline dictionary attack on the data to find your key.
This is a big leg-up on hacking your network.
The open authentication option doesn’t have this challenge request, so it’s a little harder to crack (but still very crackable).
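
The exchange described above, modelled in Python as an added example that is not part of the original post. It is a simplified model of WEP (RC4 keyed with IV plus key, CRC-32 integrity value); the key `apple`, the three-entry guess list and all function names are constructed for illustration. It shows that the three values visible on the air are enough to repeat the Access Point's own check without ever contacting the network.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XORed with data (encrypting and decrypting are the same)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: RC4 keyed with IV || key over plaintext plus its CRC-32 ICV."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + wep_key, plaintext + icv)

def station_response(wep_key: bytes, challenge: bytes):
    """Step 3: the laptop encrypts the challenge; the IV travels in the clear."""
    iv = os.urandom(3)
    return iv, wep_encrypt(wep_key, iv, challenge)

def ap_verify(wep_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Step 4: the Access Point accepts if the response was made with its key."""
    return wep_encrypt(wep_key, iv, challenge) == response

def guess_matches_capture(guess: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """An eavesdropper holding the sniffed challenge, IV and response can run
    the same comparison as the Access Point, entirely offline."""
    return wep_encrypt(guess, iv, challenge) == response

def demo():
    key = b"apple"                 # constructed 40-bit WEP key (5 ASCII characters)
    challenge = os.urandom(128)    # step 2: 128-byte challenge, sent in clear text
    iv, response = station_response(key, challenge)
    accepted = ap_verify(key, challenge, iv, response)
    wordlist = [b"hello", b"apple", b"12345"]   # constructed guesses
    found = [g for g in wordlist if guess_matches_capture(g, challenge, iv, response)]
    return accepted, found

if __name__ == "__main__":
    print(demo())
```

Open authentication skips steps 2 to 4, so this particular plaintext/ciphertext pair is never put on the air.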

Comments
What a great tip - I had no idea and I'm kind of a security freak - three layers of security on my wireless network at all times - MAC address filtering, SSID broadcast off, WEP encryption. Now I have to go check which WEP encryption I'm using!
Posted by: home networking news | April 11, 2006 07:49 PM
Dude. ESSID hiding and MAC address filtering aren't good ways of securing your network at all. It takes 5 seconds to beat those. If the router doesn't broadcast the ESSID, the attacker can deauthenticate the client, and then the client will reveal the ESSID, and MAC addresses can be changed easily with a program.
Posted by: bob | October 11, 2006 09:15 PM