Wireless Encryption Standards
If you're confused about the different wireless encryption standards, use the following entries as your basic Wi-Fi standards manual. Take note that all WEP and WPA with TKIP standards have long been considered insecure and, as such, aren't recommended for use at all!
WEP (Wired Equivalent Privacy):
- The old, original, and currently discredited wireless security standard. Easily cracked.
WEP 40/128-bit key, WEP 128-bit Passphrase:
- See WEP. The user key for WEP is generally either 40- or 128-bit, and usually has to be supplied as a hexadecimal string.
WPA:
- Wi-Fi Protected Access. The initial version of WPA, sometimes called WPA1, is essentially a brand name for TKIP. TKIP was chosen as an interim standard because it could be implemented on WEP hardware with just a firmware upgrade.
WPA2:
- The trade name for an implementation of the 802.11i standard, which includes AES and CCMP.
TKIP:
- Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
AES:
- Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
Dynamic WEP (802.1x):
- The WEP key/passphrase is entered by a key management service instead of being set by hand. WEP itself didn't support dynamic keys until the advent of TKIP and CCMP.
EAP:
- Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently, there are about forty different methods implemented for EAP. See WPA Enterprise.
- The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
LEAP, 802.1x EAP (Cisco LEAP):
- The Lightweight Extensible Authentication Protocol is a proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS, and frequent reauthentication.
WPA-PSK, WPA-Preshared Key:
- Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
RADIUS:
- Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
WPA Enterprise, WPA2 Enterprise:
- A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will interoperate (EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC & EAP-SIM).
- See Pre-Shared Key.
- Support for both WPA1 and WPA2 on the same access point.
802.11i:
- An IEEE standard that specifies security mechanisms for 802.11 networks. 802.11i uses AES, and includes improvements in key management, user authentication through 802.1X, and data integrity of headers.
CCMP:
- Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol that uses AES.
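The entries above can be turned into a configuration check. The following is an added example, not part of the original page or of any product it mentions: it audits hostapd-style access point settings and flags WEP, WPA1 and TKIP, while noting pre-shared keys. The option names are hostapd.conf keys; the function names and all sample values are constructed for illustration.

```python
# Added example. Keys are hostapd.conf option names; all sample values are constructed.
SAMPLE_WEP = "ssid=warehouse\nwep_default_key=0\nwep_key0=0123456789\n"
SAMPLE_MIXED = "ssid=legacy\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\n"
SAMPLE_OK = "# WPA2 Enterprise\nssid=office\nwpa=2\nwpa_key_mgmt=WPA-EAP\nrsn_pairwise=CCMP\n"

def parse(conf):
    """Return key=value settings, skipping blank lines and # comments."""
    settings = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(conf):
    """Return findings: FAIL for WEP/WPA1/TKIP, NOTE for pre-shared keys."""
    s = parse(conf)
    findings = []
    wpa = int(s.get("wpa", "0"))  # bit 0 = WPA1, bit 1 = WPA2
    if wpa == 0:
        if any(k.startswith("wep_key") for k in s):
            findings.append("FAIL: WEP key configured")
        else:
            findings.append("FAIL: no encryption configured")
        return findings
    if wpa & 1:
        mixed = " (mixed WPA1/WPA2 mode)" if wpa & 2 else ""
        findings.append("FAIL: WPA1 enabled" + mixed)
    ciphers = set()
    if wpa & 1:
        ciphers |= set(s.get("wpa_pairwise", "").split())
    if wpa & 2:
        # rsn_pairwise falls back to wpa_pairwise when it is not set
        ciphers |= set(s.get("rsn_pairwise", s.get("wpa_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append("FAIL: TKIP pairwise cipher allowed")
    if not ciphers:
        findings.append("FAIL: pairwise cipher not set explicitly")
    if "WPA-PSK" in s.get("wpa_key_mgmt", "").split():
        findings.append("NOTE: pre-shared key; key is set and managed by hand")
    return findings

if __name__ == "__main__":
    for name, conf in [("wep", SAMPLE_WEP), ("mixed", SAMPLE_MIXED), ("ok", SAMPLE_OK)]:
        print(name, audit(conf) or "no findings")
```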
Portable Penetrator: Wi-Fi Security Auditing
With the Portable Penetrator you can audit and crack WEP, WPA, and WPA2 Wi-Fi standards with relative ease! It is recommended that you use the Portable Penetrator for regular audits of your Wi-Fi networks in order to guarantee that no hackers or crackers can compromise your system.