WEP (Wired Equivalent Privacy)

Avoid using this outdated security standard

Close up of web site login procedure entrance.
kay / E+ / Getty Images

WEP (wired equivalent privacy) is a standard network protocol that adds security to Wi-Fi and other 802.11 wireless networks. WEP was designed to give wireless networks the equivalent level of privacy protection as a comparable wired network, but technical flaws greatly limit its usefulness. Newer, stronger protection standards have replaced WEP as the default for most modern networks.

How WEP Works

WEP uses a data encryption scheme based on a combination of user- and system-generated key values. The original implementations of WEP supported encryption keys of 40 bits plus 24 additional bits of system-generated data, leading to keys of 64 bits in total length. To increase protection, these encryption methods were later extended to support longer keys, including 104-bit (128 bits of total data), 128-bit (152 bits total) and 232-bit (256 bits total) variations.

When deployed over a Wi-Fi connection, WEP encrypts the data stream using these keys so that it is no longer human-readable but still can be processed by receiving devices. The keys themselves are not sent over the network but rather are stored on the wireless network adapter or in the Windows registry. 

WEP and Home Networking

Consumers who purchased 802.11b/g routers in the early 2000s had no practical Wi-Fi security options available other than WEP. It served the basic purpose of protecting one's home network against login by neighbors.

Home broadband routers that support WEP commonly allow administrators to enter up to four different WEP keys into the router's console so the router can accept connections from clients set up with any one of these keys. Although this feature does not improve the security of any individual connection, it gives administrators added flexibility in distributing keys to client devices. For example, a homeowner may designate one key to be used only by family members and others, for visitors. With this feature, they can choose to change or remove visitor keys any time they wish without modifying the family's own devices.

Why WEP Is Not Recommended for General Use

WEP was introduced in 1999. Within a few years, several security researchers discovered flaws in its design. The "24 additional bits of system-generated data" mentioned above is technically known as the initialization vector and proved to be the most critical protocol flaw. With simple and readily available tools, a hacker can determine the WEP key and use it to break into an active Wi-Fi network within a matter of minutes.

Vendor-specific enhancements to WEP such as WEP+ and dynamic WEP attempted to patch some of the shortcomings of WEP, but these technologies also have proved unworkable today.

Replacements for WEP

Screenshot of the Wireless Network Properties window

WPA replaced WEP in 2004, and WPA2 then replaced WPA. Although running a network with WEP enabled is arguably better than running with no wireless encryption protection at all, the difference is negligible from a security perspective.