As a penetration tester, it's important to understand the various types of wireless encryption and their standards.
The Wired Equivalent Privacy (WEP) standard was the first encryption standard implemented within an IEEE 802.11 network. It's designed to provide data confidentiality during all wireless communications between an access point and a client. WEP uses the RC4 encryption cipher/algorithm to ensure confidentiality during transmission; however, the WEP encryption standard uses a 24-bit initialization vector (IV). The IV, in this case, is used to create a stream of ciphers for the RC4 encryption algorithm.
The following are the various key sizes for WEP:
- A 64-bit WEP uses a 40-bit key
- A 128-bit WEP uses a 104-bit key
- A 256-bit WEP uses 232-bit key
WEP has been known for its design flaws over the years and is considered a security vulnerability when applied to an IEEE 802.11 network.