WEP's Death Slightly Exaggerated
By Mike Masnick, Thu Dec 16 00:00:00 GMT 2004

The tools for cracking WEP have gotten to the point that some are saying it's lost all usefulness as a Wi-Fi security measure. That may still be a bit of an overstatement.


The fact that Wired Equivalent Privacy (WEP) is not particularly secure is not a secret at all. Many articles have been written about it, and the scramble that followed to finish up a better solution has been well covered. The replacement, Wi-Fi Protected Access (WPA), is starting to spread, and WEP was on its way out anyway. However, many older systems still weren't set up for WPA at all, and the general consensus was that WEP protection was perfectly fine for things like home use, where the amount of time and data needed by someone trying to break in would make it quite a chore.

However, the story spreading today is all about how the latest set of WEP cracking tools is much, much faster, meaning that WEP isn't really safe, even for home use. Still, the cry that WEP is completely dead seems a bit overblown.

It's obviously not completely secure. Using WEP does leave you open to some amount of risk, but at what level? It really depends on how likely you think it is that someone will be trying to get on your network and monitor your traffic, as well as what level of precaution you take in other areas. If you use a VPN most of the time, it shouldn't matter very much. If you're careful what you're doing online when you're on a less secure network and have your own computer secure, you should be fine.

My house has a lock on the front door. It's a pretty cheap lock that could easily be picked. I could go out and replace it with a much more heavy-duty lock, but the risk doesn't seem that worth it. There are times, in fact, where I have to run out quickly and I may leave it unlocked completely, knowing that the risk of someone entering is incredibly slim. In fact, knowing that there are much better targets nearby, it's even less likely that someone will bother with trying to get into my house. Even if someone does get in, they may not get very far. I have a dog that does a good job scaring off strangers and any really valuable stuff is often locked up elsewhere.

The same situation happens with WEP. Most people are probably in a "good enough" wireless neighborhood that the likelihood of someone breaking into their network is slim, at best. There are likely to be other, completely unsecured networks nearby which are more tempting, and WEP acts like the cheap lock on my front door. It's not hard to pick, but it's really not worth it, either because there are better targets or because what's inside isn't valuable enough to be worth the trouble.

None of this means that people should be complacent with WEP. Keeping your home Wi-Fi network secure is important, and not doing so does open you up to a fair amount of risk. However, simply assuming that WEP has suddenly become useless, even if just as a speed-bump deterrent, is probably going too far. Users should absolutely look into improving security on home Wi-Fi networks, but this isn't a situation where there's simply no reason at all to use WEP any more. If you're careful otherwise, it should be good enough until you get down to the nearest hardware store to pick up a more secure lock.