Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)
B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys
Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)
B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys
LOOK OUT!
The CISSP exam questions on this site are too old, many new questions are NOT available.
They are not valid enough for passing exam!!!
I just found another version of CISSP exam questions with NEW questions updated recently here:
https://www.passleader.com/cissp.html
Just FYI.
If you have some helpful CISSP study materials, please kindly sharing.
Sharing is caring, let’s help each other!!!
Thanks in advance!!!
Hello!
Getting more new CISSP exam questions from gDrive here:
https://drive.google.com/drive/folders/1MHyoLc7pcLRw87o5omeTiImZDhQFYaUB
(shared by PassLeader)
Good luck!
Weakness: The Initialization Vector (IV) is Too Small
WEP’s IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key
size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet
which is transmitted, and the IV is sent in the clear with each packet. The problem is IV reuse. If the RC4 cipher
stream for a given IV is found, an attacker can decrypt subsequent packets that were encrypted with the same IV,
or, can forge packets. This means that you don’t need to know the WEP key to decrypt packets if you know what
the key stream was used to encrypt that packet. They sound like similar problems, but it’s actually much easier to
discover the key stream than it is to discover the WEP key.
Since there are only 16 million IV values, how the IV is chosen makes a big difference in the attacks based on IV.
Unfortunately, WEP doesn’t specify how the IV is chosen or how often the IV is changed. Some implementations
start the IV at zero and increase it incrementally for each packet, rolling over back to zero after 16 million packets
have been sent. Some implementations choose IVs randomly. That sounds like a good idea, but it really isn’t.
With a randomly chosen IV, there is a 50% chance of reuse after less than 5000 packets.