[ubuntu-uk] WEP key

Andrew Price andy at andrewprice.me.uk
Wed May 30 21:50:33 BST 2007 

On 30/05/07 20:51, Neil Greenwood wrote:
> On 30/05/07, Andrew Price <andy at andrewprice.me.uk> wrote:
>> I'm sure someone will mention this next bit so I'll get there first: WEP
>> has been found to be quite easy to circumvent, so it's not that good a
>> way of securing a wireless network, but it's better than nothing and
>> it's still used quite widely.
> 
> Sorry, but that's not correct. It's not better than nothing - at least
> with nothing you don't think you're secure!
> 
> It takes about 2-3 minutes to capture enough wireless traffic to crack
> WEP now, followed by a few seconds of CPU time.
> 
> WEP is now totally worthless. If you can, use WPA or WPA-2 instead. If
> your hardware only supports WEP, don't use it and set up a VPN
> (virtual private network - this encrypts all the data being sent over
> the air).
> 
> I'd guess this is far too technical for the original poster, but I
> just wanted to point out how broken WEP is.

Hi Neil, you're absolutely correct.

I'll explain. My aim was to simplify the whole explanation of WEP keys
and I just dropped that "it's better than nothing" in as a nicety.
Considering that WEP is still the most used and most widely supported
method of securing a wireless network, I felt it was justified to not
scare a new wireless user away from that technology. I didn't want to go
off on a "you shouldn't use WEP! bad bad!" tangent because that's not a
helpful way to explain things clearly and answer the question directly.

I'm sure you've all seen it before, if you give too much technical
information and too many  at once, people are likely to throw their
hands up and back away from the technology because it seems like too
much hassle. I'm always wary of doing that. It's a case of being too
helpful.

Of course, if I was going to argue that point of WEP being better than
nothing my argument would be this: If you have an open wireless network
with no security at all, then it's harder to say that someone has broken
into your system and stolen your internet service (or whatever the legal
jargon is in these cases) because they could argue that they were just
walking by with their mobile device and the device automatically
associated itself with the access point, or something similar. If you
force someone to put some effort into breaking the security on your
network (admittedly, not much effort is required to crack WEP) then you
at least have some ground to stand on.

I personally use WPA on a daily basis and, although it's more secure
than WEP (for now, until someone inevitably discovers a weakness), I'm
finding that software like network-manager and the Ubuntu installer just
don't support it, despite having a wireless card with open source
drivers, which is a bit of a pain. I could probably crack my neighbour's
WEP key in a short amount of time and use their network connection
instead but because I have morals and any kind of security on a network
says to me "please, stay out unless you have permission", I would never
do such a thing.

Well, that was a bit of an essay, I hope I've explained myself clearly,
and I apologise for disseminating arguably erroneous information :)

--
Andy Price
http://andrewprice.me.uk

More information about the ubuntu-uk mailing list