Wired Equivalent Privacy (WEP) keys are a crucial part of the WEP standard, which was designed to add security to wireless networks. A single WEP key is used to encrypt and decrypt data before and after wireless transmission. The keys can come in two different character formats and may be of several different lengths. The WEP standard has been shown to be vulnerable to several different attacks capable of cracking a WEP key in minutes and has been considered obsolete since the early 2000s.
Since wireless networks use radio waves to transmit data, it is possible to eavesdrop on communications using a laptop computer or other device that can listen for radio waves at a specific frequency. The WEP standard, introduced in the late 1990s, prevents this by using “keys” to encrypt information before transmitting it across a wireless network. The same key is generally used for encryption, decryption, and authentication, so any outsider that lacks the correct key can only intercept a scrambled signal.
A standard WEP key may use either hexadecimal (HEX) or American Standard Code for Information Interchange (ASCII) encoding. These terms refer to the way in which letters and numbers are encoded into the binary 1s and 0s understood by computers. Hexadecimal keys can include any number 0 through 9 and the letters A to F. ASCII characters include all the letters of the English alphabet, numbers, and common symbols (#,@,!,& etc.). Some devices can only use HEX passwords, while others will accept either format. Online tools and Wi-Fi™ routers may convert standard passwords into a HEX form for devices which support only one standard.
The length of a WEP key is determined by the type of WEP encryption being used. The simplest form uses either ten hexadecimal characters or five ASCII characters for a total of 40 bits of information. These 40 bits are then combined with predefined set of 24 bits called an “initialization vector” for a total of 64 bits. For this reason, some makers of wireless networking gear refer to 64-bit WEP as WEP-40 or 40-bit WEP even though all use a total of 64 bits. Most wireless devices also support a stronger version of WEP that uses 128 bits—104 user-defined bits plus the 24-bit initialization vector—that allows for 26 HEX characters or 13 ASCII characters. Some devices support longer keys, although this is not part of the official specification.
Although it’s still found on most networking equipment, WEP suffers from major security flaws and should not be used unless compatibility issues make it necessary. Several attacks against the standard exist, and many are able to crack a WEP key in as little as one minute. As a result, a wireless network using WEP is only marginally more secure than a network with no encryption. Most networking equipment sold since the mid-2000s support a newer, more secure standard known as Wi-Fi™ Protected Access (WPA) or its successor, WPA2.