WEP stands for "Wired Equivalent Privacy". It is part of the 802.11b (WiFi)
specification. Most 802.11b cards are capable of using either 40 (aka 64) or
128-bit encryption to protect the data between the client computer and the base
station on the wired network.
If you believed the marketing material, everyone would want to use 802.11b
128-bit WEP encryption. So why doesn't AirSEAS take advantage of WEP?
The answer is that WEP is worse than useless. The fact is that WEP has been
bypassed or cracked a number of different ways, and for AirSEAS, it would
provide users with a sense of false security (which is often worse than no
security).
- When using WEP, many users mistakenly believe that their connection is
secure between their laptop and the computer they are communicating with. WEP
only encrypts the packets as they travel through the air: as soon as they
reach a wire, they are travelling over the internet in an unencrypted form. In
SEAS, we have recommended for some time that users always use an application
layer encryption protocol (like SSH) because packets travelling over the
internet unencrypted are often "sniffed" (intercepted).
- Generally, an access point may have a maximum of 4 WEP keys assigned. Each
of the users must have one of these four keys. Given the ratio of users
(hundreds or thousands) to keys (4), the keys are essentially public knowledge
passwords. If you have a key for the wireless network, your wireless card will
automatically decrypt all of the traffic that uses that key. So, the
combination of public knowledge and automatic decryption makes WEP of little
use.
- If you don't know a WEP key for an 802.11b network, but the target network
is publicly routable (i.e. it is really on the Internet, which SEASnet is),
there is a fairly easy method to crack the WEP key being used. If you plug in
to a wired network (such as SEASnet), you can send a packet to a target on the
encrypted 802.11b network (to a host which uses WEP). If you capture the
encrypted packet from the wireless network when it arrives, then you've got a
copy of the packet in both its unencrypted and encrypted forms. The only
difference is the key. If you repeat this enough times, the WEP key is
derivable.
- Berkeley has a writeup about WEP security problems.
- Slashdot posted a response from the chair of the 802.11 committee about
Berkeley's WEP paper.
- This is a postscript document published by Adi Shamir, Scott Fluhrer, and
Itsik Mantin describing the weaknesses in the encryption protocol that WEP
uses (RC4).
- An AT&T intern has completely cracked WEP in about a week. The details of
his attack are available at his Rice University web site.
- On August 17th, 2001, it finally happened: WEP is beaten as it currently
stands. The project at http://airsnort.sourceforge.net/
is an open source WEP cracker. According to its documentation, "AirSnort
requires approximately 100M-1GB of data to be gathered. Once enough packets
have been gathered, AirSnort can guess the encryption password in under a
second."
- On August 21st, 2001, a second WEP cracker was released: WepCrack.
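The third point above (known plaintext sent over the wire, then captured encrypted from the air) rests on a basic property of RC4, the stream cipher WEP uses: ciphertext is just plaintext XORed with a keystream, so one known packet gives away the keystream for that IV, and WEP has only 2^24 IVs. The following is an added illustration of that step, not code from the AirSEAS page; it uses a simplified WEP framing (no CRC-32 integrity value) and constructed key, IV and packet values, and it shows keystream recovery and IV-reuse decryption, not recovery of the shared key itself.

```python
# Added illustration, not code from the AirSEAS page. Simplified WEP framing
# (no CRC-32 ICV): per-packet RC4 key = 24-bit IV || shared key, IV sent in clear.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), the stream cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt one frame body; the 3-byte IV is prepended unencrypted."""
    return iv + xor(rc4_keystream(iv + shared_key, len(plaintext)), plaintext)

def recover_keystream(known_plaintext: bytes, frame: bytes) -> bytes:
    """The known-plaintext step from the page: keystream = P XOR C.
    No shared key is needed because RC4 encryption is just an XOR."""
    return xor(known_plaintext, frame[3:])

def decrypt_with_keystream(keystream: bytes, frame: bytes) -> bytes:
    """Any other frame sent under the same IV reuses the same keystream."""
    return xor(keystream, frame[3:])

def demo() -> tuple:
    shared_key = b"\x01\x23\x45\x67\x89"   # constructed 40-bit WEP key
    iv = b"\x0a\x0b\x0c"                   # constructed IV; only 2^24 exist
    # Packet sent from the wired side to the WEP client, so its content is known:
    known = b"PING from wired host to WEP client, payload 0123456789"
    captured = wep_encrypt(shared_key, iv, known)
    keystream = recover_keystream(known, captured)
    # A shorter, unrelated packet that happens to reuse the same IV:
    secret = b"GET /grades.html HTTP/1.0 Cookie: session=abc123"
    other_frame = wep_encrypt(shared_key, iv, secret)
    return keystream, decrypt_with_keystream(keystream, other_frame)

if __name__ == "__main__":
    _, recovered = demo()
    print(recovered.decode())   # the second packet, read without the key
```

This is exactly why the page recommends application-layer encryption such as SSH: WEP's secrecy is no stronger than the secrecy of a keystream that is reused and trivially recoverable.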
Updated on August 28, 2001