According to the CISSP All-in-One Exam Guide2, a weakness of Wired Equivalent Privacy (WEP) is the length of the Initialization Vector (IV). WEP is a security protocol that was designed to provide confidentiality and integrity for wireless networks, by using the RC4 stream cipher to encrypt the data and the CRC-32 checksum to verify the data. However, WEP has several flaws that make it vulnerable to various attacks, such as the IV attack, the key recovery attack, the bit-flipping attack, and the replay attack. One of the flaws of WEP is the length of the IV, which is only 24 bits long. This means that the IV space is very small, and the IVs are likely to repeat after a short period of time, especially in a busy network. This allows an attacker to capture enough IVs and ciphertexts to perform a statistical analysis and recover the encryption key. WEP does not provide protection against message replay, detection of message tampering, or built-in provision to rotate keys, but these are not weaknesses of WEP, but rather limitations or features that WEP lacks. References: 2