Wired Equivalent Privacy (WEP)* is not recommended for a secure Wi-Fi local area network (LAN) due to its inherent weaknesses. One of the main security risks is a hacker can capture the encrypted form of an authentication response frame, using widely available software applications, and use the information to crack WEP encryption. The process consists of an authentication request from the client, clear challenge text from the access point (AP) or broadband wireless router, encrypted challenge text from the client and an authentication response from the AP/router.
Once authenticated and associated with the AP/router, every WEP data frame is encrypted with an RC4 cipher stream generated by an encryption key. That key is comprised of a 24-bit initialization vector (IV) and either a 40-bit or 104-bit WEP shared key (passphrase) that is configured on the client and AP/router. Combining the IV and key results in 64-bit and 128-bit WEP, respectively, which are the terms used today. Some vendors formerly referred to these as 40-bit and 104-bit WEP because they excluded the 24-bit IV in their documentation.
This applies to: