Don't use WEP for Wi-Fi security, researchers say

The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.

Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key. Further flaws found in the algorithm have brought the time taken to find the key down to a matter of minutes -- not necessarily fast enough to break into systems that change their security keys every five minutes.

Now it takes just three seconds to extract a 104-bit WEP key from intercepted data using a 1.7-GHz Pentium M processor. The necessary data can be captured in less than a minute, and the attack requires so much less computing power than previous attacks that it could even be performed in real time by someone walking through an office.