40 and 128 bit wep -- is there any difference?

[wildwildwes]

I read somewhere that the wep vulnerability exists in both 40 and 128 bit versions. Does that mean that they're both equally vulnerable or is the 128 bit version less vulnerable than 40 bit?

 

[Athlex]

With WEP, greater key strengths are linearly (not exponentially) more difficult to crack. So if it takes 2 hours to crack a 40 bit key, it'd take roughly 6 to crack a 128 bit key. WEP also substantially reduces throughput on wireless access points/bridges because their CPUs are generally not up to the task of passing packets and doing realtime encryption. (Most APs these days are based on an AMD 486/33 or dual 16-bit ARM CPUs).

If you're interested in security go ahead and disable WEP and use VPN software instead. You'll get the best throughput and the encryption will be handled by your computer's CPU which has plenty of headroom. HTH
/Atx

Edit: also be sure to disable DHCP on the wireless segment of your network and restrict access to the AP by MAC address and you'll be much less hackable

 

[JackMDS]

WEP reduce the bandwidth of the Wireless connection (some time a lot),

If the concern is casual Security, i.e. no body is ?after you?, and there is no ?big secrets? on your Hard Drive.

Restrict your wireless communication, by allowing communicating with the MAC numbers of your Wireless Client. Change the default setting of the Wireless Access point. I.e. give the Wireless Network a unique name (SSID), and don?t use channel 6.

 

[cipher00]

There are some issues. I found an interesting article here that suggests allowing open association. It appears that association uses a 40 bit key and, if it's comprimsed, your WEP key goes out with it.

I'm still mulling this one over, though.....

 

[Schnieds]

Tom's Hardware had a great article recently about Wireless security. Check it out here

It explains the current problems with WEP security and what will be done in the future to resolve it.