Wednesday, September 27, 2006

WIRELESS: WEP vs WPA vs WPA2

Brute force time to break encryption:
WEP < 10 minutes
WPA - 21 character password > 4x10-20 years
WPA2 - more ...

CompuDent uses https://www.grc.com/passwords.htm to generate unique 63 character passwords for WPA encryption. This offers secure wireless encryption while supporting older hardware that doesn't contain the WPA2 standard.

Reposted from Kim Komando tip:

The long answer starts in 1999 with WEP (Wired Equivalent Privacy), the oldest Wi-Fi protection standard. It failed to live up to its name. It sticks with the same key, making it relatively easy to break. Nowadays, WEP can be cracked in a matter of minutes.

The Wi-Fi Alliance developed WPA (Wi-Fi Protected Access) in 2003 to address WEP's weaknesses. Improvements included TKIP, which changes the encryption key for each data transmission.

The choice between TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) is a choice between old and new technologies, respectively. So the short answer to your question is that AES is more secure.

WPA is compatible with many older access points and network cards. In most cases, only an update is required.

However, WPA was a stopgap measure. At the time, the Wi-Fi Alliance was working on its 802.11i standard. Released in 2004, it is commonly known as WPA2.

WPA2 uses AES for encryption. It is stronger than the RC4 encryption scheme shared by WEP and WPA. But AES requires modern hardware.

WPA2 should be your first choice. That includes AES. I have general instructions for a complete WPA2 setup on my site.

If your computers' networking components (Wi-Fi cards or USB adapters) don't offer WPA2 options, switch the setup to WPA. On your access point, that means TKIP. If the adapters on your computers allow only WEP, look for updates online.

Both WPA and WPA2 offer good security. WPA is theoretically breakable, but can be secure on a practical level. With a strong password of 21 characters or more, a WPA network can withstand an attack for years. Unfortunately, most people don't use strong passwords.

In either WPA or WPA2, your password is the weakest link. Make it as strong as you reasonably can. You can find complete steps for making strong passwords on my site.