Sunday, April 8, 2007

Wi-Fi 128-bit WEP encryption - now with new and improved INsecurity

WEP is the old standard for wireless networking encryption. New standards include WPA and WPA-2, plus a few alternates that include server authentication (RADIUS) and other flavors.

Most new wireless routers will support WPA in some incarnation. All new wireless cards for clients also support WPA. Some older wireless cards either require new drivers, or cannot support WPA - an excellent argument to upgrade equipment ASAP.

Trouble is, far too many people still rely on WEP. A recent article and publicly released working code sample (plug-in) from the Technical University of Darmstadt as reported by Heise Security allows the bad guys to hack into 128-bit WEP protected wi-fi networks in about a minute using only a laptop and a popular hacking program available to anyone on the Internet.

"A wireless network secured with 128-bit WEP encryption can, according to the researchers, be cracked in less than a minute using their attack method."