+ Post New Thread
Results 1 to 10 of 10
Wireless Networks Thread, Which WEP WPA would work well with my wireless?? in Technical; So apart from the alliteration, which method should I use to secure my wireless? I did some research in to ...
  1. #1

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,501
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217

    Which WEP WPA would work well with my wireless??

    So apart from the alliteration, which method should I use to secure my wireless? I did some research in to this ages ago but I have managed to file it somewhere
    What version has the best compatibility and least overhead for b/g/n devices (possibly not b but we have some old stuff)?

    Thanks
    Chris

  2. #2

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,756
    Thank Post
    3,265
    Thanked 1,052 Times in 973 Posts
    Rep Power
    365
    Quote Originally Posted by CHR1S View Post
    So apart from the alliteration, which method should I use to secure my wireless? I did some research in to this ages ago but I have managed to file it somewhere
    What version has the best compatibility and least overhead for b/g/n devices (possibly not b but we have some old stuff)?

    Thanks
    Chris
    wep is less secure but more compatable where as wpa is more secure but not everything supports it depending on firmware version of wifi device and also if the computers OS supports it ie WPA or something like that I think ( dont quote me ) was added in service pack 2 of XP just as an example.

    You could try wpa and update devices as needed or you could use wep

  3. Thanks to mac_shinobi from:

    CHR1S (28th September 2009)

  4. #3

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,501
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217
    Thanks for the quick reply shinobi, do you know the different overheads for each version of WPA encryption please?

  5. #4

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,756
    Thank Post
    3,265
    Thanked 1,052 Times in 973 Posts
    Rep Power
    365
    Quote Originally Posted by CHR1S View Post
    Thanks for the quick reply shinobi, do you know the different overheads for each version of WPA encryption please?
    not personally - would be good to know though.

  6. #5

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,501
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217
    My options are -

    WEP
    WPA-Personal
    WPA-Enterprise
    WPA2-Personal
    WPA2-Personal Mixed
    WPA2-Enterprise
    WPA2-Enterprise Mixed

    Whats the difference with the enterprise/personal/mixed bits too?

  7. #6

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    WEP is a fixed, shared key system - there's one key, everyone knows it, and if you know it you can read other people's traffic.

    WPA and WPA2 are rotating key systems: having shaken hands with the access point, you are issued a key to cipher with for a fixed amount of time, then you discard it and get another. Enterprise WPA uses RADIUS and a central server to do the initial authentication, Personal WPA (or WPA-PSK) uses a shared key to initially authenticate, that you discard once you're issued with a ciphering key.

    WPA and WPA2 are essentially the same system, except that WPA uses only the Temporal Key Integrity Protocol, whereas WPA2 can use the Advanced Encryption Standard instead. TKIP rotates the temporal (cipher) key every 10,000 packets. The underlying temporal key is actually a WEP key; what matters is that it's changed regularly so you (hopefully) can't sniff enough packets to perform a brute force attack, and can't use replay attacks to produce dummy traffic to attack.

    AES is much faster to calculate ciphers and is very well suited to hardware ciphering, but is also often only found with dedicated hardware. So, if you want to be attacked, use WEP. For high compatibility, use WPA or WPA2 with TKIP, or if your devices can all support it and you want to minimise delays use WPA2 with hardware AES. If you use RADIUS, you can centralise authentication and reduce shared key vulnerability and administration overhead; if you don't, use good passphrase as a shared key and guard it carefully.

  8. Thanks to powdarrmonkey from:

    CHR1S (29th September 2009)

  9. #7

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,062
    Thank Post
    160
    Thanked 920 Times in 723 Posts
    Blog Entries
    3
    Rep Power
    272
    WPA-Personal should be fine for what you want chris, and it works well with the XboxLive Dongle hehe

    But yes AES is much better then TKIP

    James.

  10. Thanks to EduTech from:

    CHR1S (29th September 2009)

  11. #8

    Join Date
    May 2009
    Location
    UK
    Posts
    294
    Thank Post
    64
    Thanked 21 Times in 20 Posts
    Rep Power
    15
    I'm pleased that the question of WEP and WPA has cropped up. I've been trying to get my head around the authentication process for the last week. I'm happy with WEP (as it's so simple and insecure!).

    Quote Originally Posted by powdarrmonkey View Post
    WPA and WPA2 are rotating key systems: having shaken hands with the access point, you are issued a key to cipher with for a fixed amount of time, then you discard it and get another.
    I realise that a PSK or passphrase is entered initially. Do you mean that this is used after initial association for the fixed amount of time, but what then? Does the AP issue another key to the host (presumably in some sort of encrypted manner, otherwise it can be sniffed) which is used for the next period ... etc.?

    TKIP rotates the temporal (cipher) key every 10,000 packets. The underlying temporal key is actually a WEP key; what matters is that it's changed regularly so you (hopefully) can't sniff enough packets to perform a brute force attack, and can't use replay attacks to produce dummy traffic to attack.
    Similar question - is the new TKIP issued by the AP or is there something built in to the AP and host software which generate the next TKIP? If so, how are the changes of TKIP at the AP and host synchronised?

  12. #9

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by Ignatius View Post
    I realise that a PSK or passphrase is entered initially. Do you mean that this is used after initial association for the fixed amount of time, but what then? Does the AP issue another key to the host (presumably in some sort of encrypted manner, otherwise it can be sniffed) which is used for the next period ... etc.?
    The pre-shared key forms what TKIP calls the 'base key', along with some unique address details and random numbers, which is then hashed. It's generated each time a station associates with an AP, and then the base key is used along with a packet sequence number and some other random data to encrypt each packet. If memory serves me correctly, the key rotation happens because the station is required to re-authenticate every so often, which changes the base key.

    Having a sequence number is also how the AP prevents replay and collision attacks. The sequence number is 48 bits, so it takes a couple of thousand years to repeat itself, making a collision practically impossible.

    If you use 802.11x authentication, the base key is generated by the RADIUS server and transmitted to the access point within your wired network boundaries, which is what makes it so much more secure than a pre-shared key, some vulnerable parts of which have to be transmitted over the air.

  13. Thanks to powdarrmonkey from:

    CHR1S (29th September 2009)

  14. #10

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,501
    Thank Post
    1,578
    Thanked 482 Times in 302 Posts
    Rep Power
    217
    Quote Originally Posted by EduTech View Post
    WPA-Personal should be fine for what you want chris, and it works well with the XboxLive Dongle hehe

    But yes AES is much better then TKIP

    James.
    But then how do I justify using one in a primary school??

    Thanks for the info everyone, looks like ill see how it does with WPA2 .

SHARE:
+ Post New Thread

Similar Threads

  1. Deploy WEP/WPA settings via Registry?
    By Zoom7000 in forum Wireless Networks
    Replies: 7
    Last Post: 20th August 2009, 10:11 PM
  2. need to join wireless WPA protected network automatically
    By projector1 in forum How do you do....it?
    Replies: 4
    Last Post: 22nd November 2007, 12:01 PM
  3. Wireless - WPA/802.1x
    By wesleyw in forum Hardware
    Replies: 2
    Last Post: 4th October 2007, 09:34 AM
  4. wireless card for domain with wpa-tkip
    By strawberry in forum Wireless Networks
    Replies: 3
    Last Post: 30th August 2007, 02:06 PM
  5. Forget all yer WEP and WPA and whatever else...
    By googlemad in forum General Chat
    Replies: 5
    Last Post: 7th August 2007, 05:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •