All about computer, communications and consumer electronics (3C)

Posts Tagged ‘WEP’

WPA versus WEP

Posted by Suntrekker on November 27, 2007

I often converse with my colleagues why they should use WPA versus WEP, but I thought some of you might be interested differences between WEP and WPA which may also shed some light on why you’d want to choose WEP over WPA.

Wired Equivalent Privacy, commonly called WEP is 802.11’s first hardware form of security where both the WAP and the user are configured with an encryption key of either 64 bits or 128 bits in HEX. So when the user attempts to authenticate, the AP issues a random challenge. The user then returns the challenge, encrypted with the key. The AP decrypts this challenge and if it matches the original the client is authenticated. The problem with WEP is that the key is static, which means with a little time and the right tool a hacker could use reverse-engineering to derive the encryption key. It is important to note that this process does affect the transmission speed.

The next generation of hardware security is Wi-Fi Protected Access commonly know as WPA. WPA solves WEP’s static encryption key issue. WPA uses a Temporal Key Integrity Protocol (TKIP), which changes keys with every data packet. It also includes message-integrity checks that guard against forged packets. Of course WPA is not without flaw, for increase security we sacrifice more of our speed! Another weakness with WPA exists when the home version is used, which utilizes a shared pass phrase. If the user chooses a pass phrase that might be found in the dictionary and/or uses a pass phrase that is less then 21 characters, WPA can be cracked using a brute force dictionary attack.

I found this while searching in the internet it is alarming for someone who manages network security.

Posted in Versus | Tagged: , , | 1 Comment »