WEP vs. WPA vs. WPA-PSK
what's the difference? which one of these three should i use?
AMD Athlon XP 1900+ :: SLK900a + SmartFanII :: EpoX 8KHA+ :: ATI Radeon 9800NP (452/344) Samsung 3.3ns :: Audigy X-Gamer :: 1024mb Crucial PC2100 :: Western Digital SE 120gb 8mb cache 7200rpm :: Seagate Barracuda IV 40gb 7200rpm :: Samsung 753DF (1024x768/85Hz) :: Lian Li PC 61 :: Enermax Noisetaker 420w
Red Shark Moderator
WPA is the general name for this form of protection.
Enterprise WPA is a type of WPA that needs RADIUS server to generate a master key for a session.
WPA Pre Shared Key (WPA-PSK) is a type of WPA that you can configure your own key, like it is done in WEP.
WEP – WPA – and the Future.
Each packet of the Encryption has 24bits Initialization vector. Which unfortunately done in plaintext.
40bits (encryption)+ 24bits(init. vector)=64bits Encryption.
104bit(encryption)+ 24bits(init. vector)=128bits Encryption.
WEP uses RC4 stream encryption, for a fresh key stream for each packet.
The Init Vector & the key are combined to get per-packet key which is used to generate RC4 keys stream.
The RC4 is one of the major culprits in the security issues.
Part of the weakness of RC4 has to do with the combo of Init. Vector and Plain Text chipper.
24 bit Init vector is finishing a cycle of 2 in the power of 24 in about hour and then repeats.
Repeating Init Vector plus knowledge about the plaintext language, makes guessing the plaintexts simpler.
The hopefully soon coming 802.11i
Likely to include:
Temporal Key Integrity Protocol (TKIP)
Replace RC4, probably with AES
Message Integrity Code (MIC)
It is an interim solution that is used now until 802.11i comes out.
It still using RC4, but the Key was changed to TKIP.
TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough volume of info. could be captured to allow recovery of the WEP key. TKIP changes the Key every 10,000 packets, which is quick enough to combat statistical methods to analyze the cipher.
TKIP also adds into the picture the Message Integrity Code (MIC). The transmission’s CRC, and ICV (Integrity Check Value) is checked. If the packet was tampered with. WPA will stop using the current keys and re-keys.
The future - probably will be implentet in a year ot two with 802.11i.
The Big Change will come with AES.
AES (Advance Encryption Standard).
AES aka the Rijndael algorithm is a secure, fast symmetric cipher that is easily implemented in hardware.
AES has its own mechanism for dynamic key generation. It's also resistant to statistical analysis of the cipher text.
In wireless it would do the cipher in hardware.
Last edited by cat5e; 08-30-2004 at 05:58 PM.
Microsoft, MVP - Networking.