Why is shared less secure than open when it comes to WEP?

Question

According to this post, Jeffrey Tippet (Microsoft employee) writes:

WEP can run in two modes: shared and open. Despite the names, shared is actually less secure than open. Because of this, our telemetry shows that that only 0.1% (and declining) of Windows 7 users connect to these highly-insecure shared WEP networks.

In order to simplify Windows, make it easier for people to pick more secure defaults, and to enable us to focus on improving the wireless networking that the other 99.9% of our customers use, we removed shared WEP from Windows 8. Windows 8 continues to support open WEP. We recommend that you configure your AP to use open WEP, as it's more secure and more broadly-supported.

However, there isn't an explanation as to why shared is less secure than open. Why is this the case?

Answer 1

Shared would send a plaintext query to authenticate clients which would be encrypted and returned. This left the key vulnerable to a known-plaintext attack.

Open would allow anyone to authenticate, but wouldn't pass plaintext around, making the key harder to guess.

Here and here are links to more details.

Answer 2

Shared authentication uses a challenge/response protocol to connect, and this makes it very susceptible to a dictionary attack offline. Using WEP in shared mode, You just need to enter a secret shared key to connect, and this is where the attack can be easily perpetrated. Hope that helps!

Answer 3

To answer your question, it's not necessarily. For example, if there are no clients, Open is less secure.

In general, shared is less secure because you can deauthenticate a client, which forces it to associate again. You then capture the shared key authentication handshake. In open mode, this handshake doesn't happen.