CISSP · Question #1481
CISSP Question #1481: Real Exam Question with Answer & Explanation
The correct answer is A: WEP uses a small range Initialization Vector (IV). One of the major weaknesses of Wired Equivalent Privacy (WEP) is its use of a small range Initialization Vector (IV). The IV is used as part of the encryption process, combined with the secret key to generate a unique encryption key for each packet. WEP uses a 24-bit IV, which is
Question
Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?
Options
- AWEP uses a small range Initialization Vector (IV)
- BWEP uses Message Digest 5 (MD5)
- CWEP uses Diffie-Hellman
- DWEP does not use any Initialization Vector (IV)
Explanation
One of the major weaknesses of Wired Equivalent Privacy (WEP) is its use of a small range Initialization Vector (IV). The IV is used as part of the encryption process, combined with the secret key to generate a unique encryption key for each packet. WEP uses a 24-bit IV, which is a very small range, and it leads to the following issues: 1. IV Reuse: With such a small IV space, there is a high probability that IVs will be reused, especially in networks with heavy traffic. When IVs are reused, the same encryption key is applied to multiple packets, which makes it easier for attackers to perform cryptanalysis. 2. Pattern Recognition: Repeated IVs, combined with weak encryption algorithms, allow attackers to recognize patterns in the encrypted data, which can be exploited to recover the original This makes WEP vulnerable to attacks like the FMS (Fluhrer, Mantin, and Shamir) attack and the KRACK attack, which rely on the ability to predict or observe IV patterns.
Topics
Community Discussion
No community discussion yet for this question.