Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

– by 3

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)
B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys

Download Printable PDF. VALID exam to help you PASS.

3 thoughts on “Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

  1. LOOK OUT!

    The CISSP exam questions on this site are too old, many new questions are NOT available.

    They are not valid enough for passing exam!!!

    I just found another version of CISSP exam questions with NEW questions updated recently here:

    https://www.passleader.com/cissp.html

    Just FYI.

    If you have some helpful CISSP study materials, please kindly sharing.

    Sharing is caring, let’s help each other!!!

    Thanks in advance!!!

    Reply

  2. Weakness: The Initialization Vector (IV) is Too Small
    WEP’s IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key
    size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet
    which is transmitted, and the IV is sent in the clear with each packet. The problem is IV reuse. If the RC4 cipher
    stream for a given IV is found, an attacker can decrypt subsequent packets that were encrypted with the same IV,
    or, can forge packets. This means that you don’t need to know the WEP key to decrypt packets if you know what
    the key stream was used to encrypt that packet. They sound like similar problems, but it’s actually much easier to
    discover the key stream than it is to discover the WEP key.

    Since there are only 16 million IV values, how the IV is chosen makes a big difference in the attacks based on IV.
    Unfortunately, WEP doesn’t specify how the IV is chosen or how often the IV is changed. Some implementations
    start the IV at zero and increase it incrementally for each packet, rolling over back to zero after 16 million packets
    have been sent. Some implementations choose IVs randomly. That sounds like a good idea, but it really isn’t.
    With a randomly chosen IV, there is a 50% chance of reuse after less than 5000 packets.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.