Which legacy encryption standard for wireless networks is considered insecure and should be avoided?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which legacy encryption standard for wireless networks is considered insecure and should be avoided?

Explanation:
Protecting wireless traffic requires both confidentiality and integrity. The legacy standard in question uses a stream cipher with a 24-bit initialization vector (IV), which is far too small for the amount of traffic seen in real networks. Because the IV is reused across many packets, an attacker who observes enough encrypted packets will find several that were encrypted with the same keystream. With the keystream known or partially known, the attacker can recover plaintext and even craft forged packets, compromising both data confidentiality and authenticity. The integrity mechanism is also weak: it relies on a CRC rather than a cryptographically strong MAC, so tampering goes undetected more easily. These flaws make this standard easy to crack and something to avoid. In contrast, AES-based implementations provide strong confidentiality and integrity in modern deployments; TKIP was a transitional fix but is now considered insecure; and PSK refers to a password method rather than a standalone encryption standard.
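The two weaknesses named in the explanation, IV reuse and a CRC used as an integrity check, can be reproduced in a few lines. This is an added example, not part of the original page. The keystream generator is a SHA-256 counter-mode stand-in rather than the legacy cipher, HMAC-SHA-256 stands in for "a cryptographically strong MAC", and the key, IV and frame contents are constructed sample values.

```python
import hashlib, hmac, math, os, zlib

IV_BITS = 24  # IV size stated in the explanation

def packets_for_collision(prob=0.5, iv_bits=IV_BITS):
    """Birthday estimate: packets with random IVs before some IV repeats with probability `prob`."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - prob))))

def keystream(secret, iv, n):
    """Stand-in keystream generator (assumption): SHA-256 in counter mode over IV || secret."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(iv + secret + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_crc(secret, iv, payload):
    """Legacy-style frame: keystream XOR (payload || CRC-32(payload))."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return xor(body, keystream(secret, iv, len(body)))

def open_crc(secret, iv, frame):
    """Decrypt and verify the CRC; returns the payload, or None if the check fails."""
    body = xor(frame, keystream(secret, iv, len(frame)))
    payload, icv = body[:-4], body[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None

def crc_delta(delta):
    """CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)."""
    return (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")

def demo():
    secret, iv = os.urandom(13), b"\x00\x00\x01"          # constructed sample values
    p1, p2 = b"constructed frame A", b"constructed frame B"
    c1, c2 = seal_crc(secret, iv, p1), seal_crc(secret, iv, p2)
    # Same IV => same keystream, so it cancels out and leaks p1 XOR p2.
    leak_ok = xor(c1, c2)[:len(p1)] == xor(p1, p2)
    # A change made without the key still passes the CRC check...
    delta = xor(p1, b"constructed frame Z")
    tampered = xor(c1, delta + crc_delta(delta))
    crc_accepts = open_crc(secret, iv, tampered)
    # ...whereas a keyed MAC over IV || ciphertext rejects the same change.
    mac_key = os.urandom(32)
    tag = hmac.new(mac_key, iv + c1, hashlib.sha256).digest()
    check = hmac.new(mac_key, iv + tampered, hashlib.sha256).digest()
    return leak_ok, crc_accepts, hmac.compare_digest(tag, check)
```

With a 24-bit IV the birthday estimate comes to a few thousand packets for an even chance of a repeat, which is why the explanation calls the IV far too small for real traffic volumes.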

