They’re three of the most common tools used to protect wireless networks, and yet a majority of people couldn’t tell you a thing about them. WEP, WPA, and WPA2 are three of the most common encryption standards and if you view them simply as a few interchangeable acronyms on the back of your access point, you’re in for a surprise. Learning the difference between these three little guys gives you the information necessary to decide which standard is best for your network.
WEP, or Wired Equivalent Privacy is currently the most widely used wireless security algorithm in the world. WEP became acknowledged as a WI-FI security standard in September o f 1999. The earliest versions of WEP weren’t very strong, even compared by the standards of 1999, since US restrictions on the export of different cryptographic technology led to manufacturers limiting their devices to 64 bit encryption. When these restrictions were lifted, the 64 bit encryption was increased to 128 bit. Even with introduction of 256 bit WEP encryption, the 128 bit standard remains the most popular implementation. A number of security flaws have been discovered in the WEP standard over time, despite revisions to the algorithm and increases in key size. To make a point, the FBI gave a public demonstration in 2005 breaking WEP passwords in mere minutes with freely available software.
On the other side of the ring, we have WPA (Wi-Fi Protected Access, which was essentially the direct response to growing pile of WEP security vulnerabilities. It was formally adopted a year before the retirement of WEP in 2004. The most common WPA configurations is WPA Pre-Shared Key. The keys used by this standard are 256 bit, which is a pretty big increase over the 64 bit and 128 bit keys used in the WEP standard. The most significant changes implemented with the WPA standard include message integrity checks and Temporal Key Integrity Protocol. Even though WPA was seen as the successor to the flawed WEP standard, WEP didn’t quite go away. TKIP, a core technology of WEP enabled devices was designed to be easily rolled out through firmware upgrades and onto existing WEP enabled devices. Because of this it still needed to reuse some elements in the WEP standard, which unsurprisingly, eventually became exploited. Although both WEP and WPA have the potential to be hacked, a usual WPA security breach isn’t a direct attack on the WPA standard’s algorithm. Instead, it attacks a supplementary system that was rolled out with the WPA standard, the Wireless Protected Setup, which is designed to make it fairly easy to link devices to modern access points.
WPA2 can be considered as the new and improved version of WPA. WPA2 has been available on all certified wireless hardware since 2006 and had even been an optional feature on most hardware since before then. The standard is designed to improve the security of wireless connections by requiring the use of stronger wireless encryption than the original WPA had required. WPA2 doesn’t allow the use of the the faulty TKIP algorithm. Many routers typically support both WPA and WPA2, giving you the choice as to which one to run. Some IT professionals argue that although WPA2 may seem like an easy choice given its increased security, wireless hardware needs to work harder to supply this service, compared to standard WPA. The choice is yours between WPA and WPA2, but what ever you do, steer clear of WEP.