Wi-Fi Security Algorithms Explained
Many of us use Wi-Fi literally every day, however even at a time where we’re becoming increasingly concerned with our privacy and security, many people still don’t understand the different Wi-Fi security algorithms and what they mean.
That’s why you read tech blogs though, right? We’ve put together an explanation of the most used Wi-Fi security algorithms, WEP, WPA, and WPA2 so you can stay informed on ensuring your connection is as secure as possible.
Of course, you might be wondering why you should even care what security algorithm you use when you’re using Wi-Fi. Great question — the thing is, if someone hijacks your internet network and uses it for something illegal, the police will be knock on your door, not the hackers.
WEP
WEP, otherwise known as Wired Equivalent Privacy, is the most used Wi-Fi security algorithm, and when it was released that was for good reason — it was designed to offer as much security as using a wired LAN, which is a big deal considering the fact that wireless networks are far more susceptible to eavesdropping and hacking simply because they’re wireless.
Of course, WEP hasn’t always been very secure — while it was ratified in 1999, it wasn’t very secure because of US restrictions on the export of cryptographic technology, which limited WEP devices to 64-bit. Those restrictions were eventually lifted, and while there are now WEP devices that are 256-bit, 128-bit is the most common.
Note: The number of ‘bits’ has to do with the length of encryption keys — the longer they are, the harder they are to crack. Think of it like this — a password of 10 characters is going to be a whole lot more secure than one of 5.
Despite the fact that key lengths have increased, there have been a number of security flaws detected in WEP algorithms — so much so that it has become quite easy to hack them. Proof of concepts were first seen as far back in 2001, and the Wi-Fi alliance retired WEP as the official standard way back in 2004.
One of WEP’s major weaknesses was the fact that it used what are called static encryption keys — in other words, when (or if) you set up an encryption key on your internet router, the same key is used for every device that connects to that router. Not only that, but data packets (groups of data transferred between device and router) are not encrypted, which means they can far more easily be intercepted, and once they’re intercepted a hacker can gain access to the Wi-Fi router and devices on it by deducing what the WEP key is.
Of course, this problem could be avoided by periodically changing the WEP key, but while that might help for the super tech-aware, it won’t help the general consumer — part of the reason WEP was retired so long ago.
WPA
When WEP was retired, WPA was implemented, formally adopted back in 2003. Commonly WPA is used as WPA-PSK (or Pre-Shared Key). Those keys are 256-bit, which is quite an upgrade over the 128-bit keys most commonly used in WEP devices.
So what, apart from key length, puts WPA ahead of WEP? When data is transferred, it’s transferred in packets, or groups of data. WPA as a standard basically checks the integrity of those data packets. In other words, WPA can check whether or note a hacker has copied or altered data packets between the router and the connected device.
WPA also introduced the Temporal Key Integrity Protocol, or TKIP, which was introduced to work was a “wrapper” to WEP, allowing for people to use older devices while still getting some level of encryption. In other words, TKIP uses the older WEP programming, but wraps code with additional code at the start and end of that code to encrypt it. It was only introduced as a quick fix to the WEP security problems while something a little more secure was figured out (AES), and was subsequently retired and should not be used.
AES replaced the interim TKIP standard, and was designed to offer as much encryption as possible. It’s even used by the U.S. government. AES uses 128-bit, 192-bit, or 256-bit encryption keys, and is far superior to TKIP in that it converts the plain text encryption keys used by TKIP to ciphertext, which essentially looks like a random string of characters to those who don’t have the encryption key.
Theoretically, even 128-bit AES encryption is unbreakable at this point — it would take over 100 billion years for todays computers to figure out the encryption algorithm.
Despite this, WPA, like WEP, has been proven to have its weaknesses — normally however WPA itself isn’t hacked, but rather a supplementary system rolled out with WPA called WPS, which was designed to make the connection between router and device easy.
WPA2
WPA2 was implemented as the standard in 2006, and makes AES encryption mandatory rather than optional. It also replaces TKIP, which was only used for older devices that didn’t support AES, with CCMP, which still isn’t as secure as AES but is more secure than TKIP.
There aren’t that many vulnerabilities associated with WPA2, however there is one big one. Fortunately it’s somewhat obscure and requires the hacker to have accessed the Wi-Fi network in the past, then creating an attack on other devices on the network. Because of how obscure the flaw is, really only businesses and enterprises should be worried about it and there isn’t much of an issue for home networks.
There will likely be a replacement to WPA2 in the future, however there currently doesn’t need to be.
Conclusions
There you have it — if you’re not using the WPA2 algorithm with AES encryption, you should consider it. You can switch it on by heading to your router’s settings. If you need any help with setting up a router or wireless connection to use WPA2, please post a question in the comments section below, or start a new thread in the PCMech Forums.