WEP performance impact

I wonder what the performance impact is when when switching on wep
encryption on a 802.11b network?

Regards
Fredrik

64bit 10-20% drop in throughput
128bit 20-30% drop. Unless you need to max out the bandwidth all the time,
go for 128 bit, for net access you will not notice the drop.

"Fredrik" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I wonder what the performance impact is when when switching on wep
> encryption on a 802.11b network?
>
> Regards
> Fredrik
>

Fredrik wrote:

> I wonder what the performance impact is when when switching on wep
> encryption on a 802.11b network?
>
> Regards
> Fredrik

I found that I had only a 2Mb transfer rate after turning on WEP. I've been
told that using VPN instead of WEP will give better performance and
security.

Since I'm a nobody and don't really need transfer rates faster than my
internet connection, I've decided just to use WEP for the time being.

Fredrik <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> I wonder what the performance impact is when when switching on wep
> encryption on a 802.11b network?

I do no file sharing, so can't comment on LAN performance, but on my 2Mb
RoadRunner connection, I download at the 2Mb limit regardless of whether I
use 128 bit WEP - of course, I use it.

--
Tom McCune
http://www.McCune.cc
Please use PGP for Privacy & Authenticity

"Paul Landregan" <(E-Mail Removed)> wrote in message
news:bita9j$cn26k$(E-Mail Removed)...
> 64bit 10-20% drop in throughput
> 128bit 20-30% drop. Unless you need to max out the bandwidth all the time,
> go for 128 bit, for net access you will not notice the drop.
>
WEP is insecure at any key length, due to the design of its Initialisation
vector. Therefore "128 bit" WEP in reality offers no security advantage over
"64 bit" WEP. In fact 128 bit and 64 bit are misnomers, the shared WEP keys
are really 40 bits and 104 bits in length for "64" and "128" bit WEP. The
remaining 24 bits are the randomly generated 24 bit IV appended to the WEP
key.

This means that after every 2^24 iterations the same IV will be used, since
the WEP shared key is static, this means that the whole key is repeated
unchanged, from thereon its trivial to crack. This is compounded by the fact
that there is no means to co-ordinate the use of the IV among the various
base stations, hence the frequency of the IV repeating increases
proportionately with the number of base stations and the density of
transmissions. Hence the only way to keep the shared key secret is to change
it every 2^24 frames atleast, as this is impossible to implement, WEP is
insecure at any key length.

Note here, that the frequency of key change depends on the length of the IV
(Initialisation Vector) which is static at 24 bits regardless of the shared
key length. 2^24 frames may seem a lot, but a busy AP typically transmits
this many frames in the space of an hour. An attacker typically has to
collect a few hours worth of frames before the WEP key can be broken,
regardless of the length of the shared key.

In summation, if you want better WEP security, changing the key(s) often is
more important than the WEP bit length.

Look to upgrade to WAP from WEP. Linksys has the updated drivers out.


"Tom McCune" <tom@DELETE_THISmccune.cc> wrote in message
news:2Fq4b.31774$(E-Mail Removed)...
> Fredrik <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
> > I wonder what the performance impact is when when switching on wep
> > encryption on a 802.11b network?
>
> I do no file sharing, so can't comment on LAN performance, but on my 2Mb
> RoadRunner connection, I download at the 2Mb limit regardless of whether I
> use 128 bit WEP - of course, I use it.
>
> --
> Tom McCune
> http://www.McCune.cc
> Please use PGP for Privacy & Authenticity

On Mon, 1 Sep 2003 04:58:09 -0400, Len West spoketh

>Look to upgrade to WAP from WEP. Linksys has the updated drivers out.
>

You mean upgrade to WPA from WEP... WPA only works with Windows XP (free
upgrade from MS). W2K users (and all other MS OS's) will have to
purchase a WPA client from a 3rd party vendor.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

"Len West" <(E-Mail Removed)> wrote in news:CSD4b.297$I_2.84900
@news20.bellglobal.com:

> Look to upgrade to WAP from WEP. Linksys has the updated drivers out.

I appreciate the suggestion. Last time I went looking, I couldn't find the
updates for my WAP11 v2.6 and WPC11 v3. My brief searching yesterday
didn't find them either, but I'll go back looking again today.

--
Tom McCune
http://www.McCune.cc
Please use PGP for Privacy & Authenticity

"Selar Rao" <(E-Mail Removed)> wrote in
news:jDD4b.76434$(E-Mail Removed):

> WEP is insecure at any key length, due to the design of its
> Initialisation vector. Therefore "128 bit" WEP in reality offers no
> security advantage over "64 bit" WEP. In fact 128 bit and 64 bit are
> misnomers, the shared WEP keys are really 40 bits and 104 bits in
> length for "64" and "128" bit WEP. The remaining 24 bits are the
> randomly generated 24 bit IV appended to the WEP key.
<snip>

Doesn't this really depend on the volume of wireless use? My understanding
is that since my one computer use of WEP is of relatively low volume, that
changing keys weekly, prevents the attack on the IV. The 40 bit keys can
be brute forced within a few hours on a modern computer - since 104 bit
keys cannot currently be brute forced, I believe my use of "128 bit" WEP is
actually much more secure than using "64 bit WEP." Obviously, this is not
the case for a heavy duty industrial user.

--
Tom McCune
http://www.McCune.cc
Please use PGP for Privacy & Authenticity

There is no performance difference between 64bit and 128bit WEP, so there is no reason to use 64bit.

"Selar Rao" <(E-Mail Removed)> wrote in message news:jDD4b.76434$(E-Mail Removed)...
>
> "Paul Landregan" <(E-Mail Removed)> wrote in message
> news:bita9j$cn26k$(E-Mail Removed)...
> > 64bit 10-20% drop in throughput
> > 128bit 20-30% drop. Unless you need to max out the bandwidth all the time,
> > go for 128 bit, for net access you will not notice the drop.
> >
> WEP is insecure at any key length, due to the design of its Initialisation
> vector. Therefore "128 bit" WEP in reality offers no security advantage over
> "64 bit" WEP. In fact 128 bit and 64 bit are misnomers, the shared WEP keys
> are really 40 bits and 104 bits in length for "64" and "128" bit WEP. The
> remaining 24 bits are the randomly generated 24 bit IV appended to the WEP
> key.
>
> This means that after every 2^24 iterations the same IV will be used, since
> the WEP shared key is static, this means that the whole key is repeated
> unchanged, from thereon its trivial to crack. This is compounded by the fact
> that there is no means to co-ordinate the use of the IV among the various
> base stations, hence the frequency of the IV repeating increases
> proportionately with the number of base stations and the density of
> transmissions. Hence the only way to keep the shared key secret is to change
> it every 2^24 frames atleast, as this is impossible to implement, WEP is
> insecure at any key length.
>
> Note here, that the frequency of key change depends on the length of the IV
> (Initialisation Vector) which is static at 24 bits regardless of the shared
> key length. 2^24 frames may seem a lot, but a busy AP typically transmits
> this many frames in the space of an hour. An attacker typically has to
> collect a few hours worth of frames before the WEP key can be broken,
> regardless of the length of the shared key.
>
> In summation, if you want better WEP security, changing the key(s) often is
> more important than the WEP bit length.
>
>