Archived - Choosing a password for networks that use Wired Equivalent Privacy (WEP)
Choosing and using a WEP password can be a challenge, because WEP is an older security protocol that was developed before members of the Wi-Fi Alliance had agreed on a uniform way to treat passwords. The result is that a WEP password may not work for all computers in a multiplatform environment.
However, there is an easy trick you can use to make a WEP password work for everybody on your network:
- For a 40 bit WEP network, always choose a 5-character password.
- For a 128 bit WEP network, always choose a 13-character password. Be sure to use a password that is secure.
This document focuses just on WEP password selection for the network administrator. For a broader discussion of password entry, see joining an encrypted wireless network. The following sections explain why this password selection technique works for all clients.
Understanding the numbers
A WEP network uses either a 64 bit or 128 bit encryption key, but the Wi-Fi industry usually refers to the former as "40 bit." Though a bit inconsistent, this naming convention is easy to understand: The password you enter takes up either 40 or 104 bits, and in both cases a 24 bit random number is added, totaling 64 bit and 128 bit keys. You may see 40/64 and 104/128 used interchangeably as appropriate in context. The larger numbers refer to the total key, and the smaller numbers to the actual password.
The multiplatform issue
Because WEP is an older protocol, password treatment was not implemented uniformly by all wireless hardware and operating system manufacturers. Some products require users to enter relatively cryptic hexadecimal characters (four bits each), while others allow "plain language" password entry. A plain language password, like "apple", uses standard ASCII characters that are 8 bits each.
Products that allow plain language (ASCII) password entry may not force the network administrator to create 5- or 13-character passwords that would result in the required 40 (5*8) and 104 (13*8) bit-length passwords. Instead, they use a "hashing" routine to convert an odd-length password to the correct bit length. The multiplatform issue arises when the hashing results of products from two different manufacturers don't match each other. The resulting "network equivalent passwords," which are always given in hexadecimal format, are different.
Tip: WPA is a newer security protocol that avoids this issue altogether, if all of your products are capable of using it.
How choosing 5 or 13 characters avoids the issue
Every standard Roman character has a 2-character hexadecimal equivalent. If you select 5 characters for a 40 bit password or 13 characters for a 104 bit password, then no hashing will be required. All wireless manufacturers convert each Roman (ASCII) character directly into its hexadecimal equivalent when there is no hashing.
For example: If your 40 bit password is "apple", the hex value equivalent is 6170706C65 (a=61, p=70, p=70, l=6C, e=65). For a 104 bit password of "applecomputer", the hex is 6170706C65636F6D7075746572. This is true regardless of manufacturer.
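The length rule above can be checked before a password is handed out to users. The following is an added example, not part of the original article or any vendor's software: the function name `normalize_wep_key` and the sample entries are assumptions made for illustration. It accepts either a 5- or 13-character ASCII password or its 10- or 26-digit hexadecimal form, returns the hexadecimal key that every client will agree on, and rejects any other length because that would be left to a manufacturer-specific hashing routine.

```python
import string

IV_BITS = 24                       # the 24 bit number added to the password
ASCII_LENGTHS = {5: 40, 13: 104}   # characters -> password bits
HEX_LENGTHS = {10: 40, 26: 104}    # hex digits -> password bits


def normalize_wep_key(entry: str) -> dict:
    """Classify an entered WEP password and return its portable hex form.

    Raises ValueError for lengths a product would have to hash, since the
    hashing result can differ between manufacturers.
    """
    n = len(entry)
    if n in ASCII_LENGTHS:
        try:
            raw = entry.encode("ascii")      # one 8 bit character per byte
        except UnicodeEncodeError:
            raise ValueError("password must be plain ASCII") from None
        form, bits = "ascii", ASCII_LENGTHS[n]
    elif n in HEX_LENGTHS and all(c in string.hexdigits for c in entry):
        raw = bytes.fromhex(entry)           # two hex digits per byte
        form, bits = "hex", HEX_LENGTHS[n]
    else:
        raise ValueError(
            f"{n} characters: use 5 or 13 ASCII characters "
            "(or 10 or 26 hex digits) so that no hashing is needed"
        )
    return {
        "form": form,
        "hex": raw.hex().upper(),
        "password_bits": bits,
        "total_bits": bits + IV_BITS,        # 64 or 128
    }


if __name__ == "__main__":
    # Constructed sample entries; the first two come from the article's example.
    for entry in ["apple", "applecomputer", "6170706c65", "banana"]:
        try:
            print(entry, "->", normalize_wep_key(entry))
        except ValueError as err:
            print(entry, "-> rejected:", err)
```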