A security weakness in the encryption standard used within IEEE 802.11b-based wireless LANs (local area networks) has been uncovered.

Three cryptographers in the US have described a practical way of attacking the key scheduling algorithm of the RC4 cipher, in a paper entitled (somewhat unimaginatively) "Weaknesses in the key scheduling algorithm of RC4". The RC4 cipher forms the basis of the WEP (Wired Equivalent Privacy) encryption that is used in IEEE 802.11b (also known as WiFi) wireless networks.

The paper's authors discovered several ways to uncover patterns in packets of information passing over wireless LANs. These patterns can be used to figure out the WEP encryption 'key' and the number used to scramble the data being transmitted. Once the key is recovered, it can be used to decrypt the messages.

The authors say that using a longer key, 128 bits compared with the current WEP standard of 40 bits, does not make the attack significantly harder.

"Even with WEP, the hacker world has come up with programs to unscramble the codes and decipher all the packets," agreed Raymond Poon, associate director of computing services at City U, Hong Kong's City University. "Unless there's a better design for WEP algorithms, we'll have to wait for something more mature to evolve that will have everything enabled." City U uses wireless LANs extensively.

According to university officials, finding an encryption code that has not yet been hacked continues to be a dilemma.

Security experts said that although wireless LAN encryption is based on a pre-shared secret key, anyone with the same key can eavesdrop. Yet this does not necessarily mean that all deployments of wireless LANs will be affected by the WEP security hole.

This may seem only of specialist interest, but more and more places are being 'wirelessed up', such as business class lounges in airports and other public places.