WEP - Wired Equivalent Privacy


Wired Equivalent Privacy (WEP) is a standard network protocol that adds security to Wi-Fi and other 802.11 wireless networks. WEP was designed to give wireless networks the same level of privacy protection as a comparable wired network, but technical flaws greatly limit its usefulness.

How WEP Works

WEP implements a data encryption scheme that uses a combination of user- and system-generated key values.

The original implementations of WEP supported encryption keys of 40 bits plus 24 additional bits of system-generated data, for a total key length of 64 bits. To increase protection, these encryption methods were later extended to support longer keys, including 104-bit (128 bits of total data), 128-bit (152 bits total) and 232-bit (256 bits total) variations.

When deployed over a Wi-Fi connection, WEP encrypts the data stream using these keys so that it is no longer human-readable but can still be processed by receiving devices. The keys themselves are not sent over the network but rather are stored on the wireless network adapter or in the Windows Registry.

WEP and Home Networking

Consumers who purchased 802.11b/g routers in the early 2000s had no practical Wi-Fi security options available other than WEP. It served the basic purpose of keeping neighbors from accidentally logging in to one's home network.

Home broadband routers that support WEP commonly allow administrators to enter up to four different WEP keys into the router's console so the router can accept connections from clients set up with any one of these keys. While this feature does not improve the security of any individual connection, it gives administrators an added degree of flexibility for distributing keys to client devices.

For example, a homeowner may designate one key for family members only and the other keys for visitors. With this feature, they can change or remove visitor keys at any time without modifying the family's own devices.

Why WEP is Not Recommended for General Use

WEP was introduced in 1999. Within a few years, several security researchers discovered flaws in its design. The "24 additional bits of system-generated data" mentioned above is technically known as the Initialization Vector and proved to be the most critical protocol flaw. With simple and readily available tools, a hacker can determine the WEP key and use it to break into an active Wi-Fi network within a matter of minutes.

Vendor-specific enhancements to WEP like WEP+ and Dynamic WEP were implemented in attempts to patch some of the shortcomings of WEP, but these technologies are also not viable today.

Replacements for WEP

WEP was officially replaced by WPA in 2004, which in turn was later supplanted by WPA2. While running a network with WEP enabled is arguably better than running with no wireless encryption protection at all, the difference is negligible from a security perspective.