Saturday, July 11, 2009

Good Lifehacker post on how crackable WEPs are. When I take out my laptop in a public area I don't see nearly so many anymore, but I'm sure there are still a lot of people out there who don't understand the difference between WEP, WPA, and WPA2 and aren't aware that they need to upgrade their wireless network security.

I don't really get to study wireless networking until fall semester, but just for the heck of it I'll explain the differences here. WEP, WPA, and WPA2 are all methods of encrypting data before sending it out over a wireless connection. The encryption is done by software embedded in the router, and it only lasts as long as the data is being transmitted--the data is decrypted again before it reaches the wired network.
  • WEP (Wired Equivalent Privacy) encrypts data with 64- or 128-bit encryption keys. The problem is that the keys are static, meaning that any hacker worth his or her salt can crack them in a reasonable period of time.
  • WPA (WiFi Protected Access, also known as TKIP--Temporal Key Integrity Protocol) uses 256-bit encryption keys, but changes them at set intervals. Better than WEP, but crackable with a bit more effort.
  • WPA2 is based on 802.11i, which is the standard for commercial-grade encryption products. It is the best of the three in that it actually generates a new encryption key for each session.
One Lifehacker commenter, MaribelAlligator, offered a really good analogy to describe the effectiveness of each of these methods:
I like to use the analogy of door locks. WEP is closest to a bathroom or bedroom lock (the kind you can unlock with a stiff pin). It'll let people know you don't want them to enter, but anyone with a the slightest bit of knowledge can get past it. WPA is like a standard door lock; it's a lot more secure, but it is still possible to get by for someone with the right tools, knowledge, and circumstances. WPA2 is like a bank safe. It may be possible to defeat, depending on how it's been set up, but it's not realistically possible for anybody to actually do so... yet.
Someone else in comments likened WEP to a "No Trespassing" sign--the people who will read the sign and go away aren't the ones you have to worry about. Someone who wants to get in very badly, however, will find a way.

No comments:

Post a Comment