Why is WEP insecure?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

Why is WEP insecure?

Explanation:
WEP’s insecurity stems from how RC4 is used for encryption. Each frame is encrypted with RC4 using a per-packet key formed by concatenating a 24-bit initialization vector (IV) with the shared secret key. That IV is transmitted in the clear, and because there are only 2^24 possible IVs, in a busy network you’ll see many frames reusing the same keystream. When the same keystream is applied to different plaintexts, an attacker can XOR the corresponding ciphertexts to cancel the keystream and reveal relationships between the plaintexts, making it easy to recover information. RC4 also has known biases in its early keystream bytes, which attackers can exploit to deduce parts of the key more efficiently than brute-forcing. This combination—how the keystream is generated and reused due to the small IV and RC4’s weaknesses—is why WEP is insecure. The other options don’t reflect the fundamental flaw: using AES would be secure, not insecure; the issue isn’t incompatible with WPA2 or overly long keys, which would actually help security.

WEP’s insecurity stems from how RC4 is used for encryption. Each frame is encrypted with RC4 using a per-packet key formed by concatenating a 24-bit initialization vector (IV) with the shared secret key. That IV is transmitted in the clear, and because there are only 2^24 possible IVs, in a busy network you’ll see many frames reusing the same keystream. When the same keystream is applied to different plaintexts, an attacker can XOR the corresponding ciphertexts to cancel the keystream and reveal relationships between the plaintexts, making it easy to recover information. RC4 also has known biases in its early keystream bytes, which attackers can exploit to deduce parts of the key more efficiently than brute-forcing. This combination—how the keystream is generated and reused due to the small IV and RC4’s weaknesses—is why WEP is insecure. The other options don’t reflect the fundamental flaw: using AES would be secure, not insecure; the issue isn’t incompatible with WPA2 or overly long keys, which would actually help security.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy