Wired Equivalent Privacy (WEP), defined in IEEE 802.11, is used to protect the data of authorized users from tampering during transmission on a WLAN. WEP uses the RC4 algorithm to encrypt data using a 64-bit, 128-bit, or 152-bit encryption key. An encryption key contains a 24-bit initialization vector (IV) generated by the system, so the length of key configured on the WLAN server and client is 40-bit, 104-bit, or 128-bit. WEP uses a static encryption key. That is, all STAs associating with the same SSID use the same key to connect to the wireless network.
A WEP security policy defines a link authentication mechanism and a data encryption mechanism.
Link authentication mechanisms include open system authentication and shared key authentication. For details about link authentication, see "Link Authentication" in STA Access.
If open system authentication is used, data is not encrypted during link authentication. After a user goes online, service data can be encrypted by WEP or not, depending on the configuration.
If shared key authentication is used, the WLAN client and server complete key negotiation during link authentication. After a user goes online, service data is encrypted using the negotiated key.
WEP encryption users the static shared key. The same WEP key is used for encrypting different users, bringing security risks. Before 802.11i is launched, no unified wireless encryption standard is available. Vendors enhance WEP encryption by leveraging 802.1X authentication to achieve dynamic WEP encryption. The 40-bit, 104-bit, or 128-bit dynamic WEP key is dynamically generated and delivered by the 802.1X authentication server. In this manner, different WEP keys are used for encrypting different users.
In the link authentication phase of dynamic WEP, only open authentication is supported. After users go online, service data is encrypted using the key that is dynamically generated and delivered by the server.