Wireless security protocols like WEP, WPA and WPA2 ensure that only authorized parties connect to your wireless network, and that your traffic is encrypted. However, all three work differently, and provide different levels of security. In fact, WEP shouldn’t be used any longer, and WPA2 is preferred. These differences come down to the strength of the encryption algorithms used, and how they are implemented.

| Standard | Method | Encryption | Notes |
|---|---|---|---|
| WEP | RC4 stream | 24-bit initialization vector | Can be cracked in seconds |
| WPA | TKIP | 128-bit wrapper around WEP | TKIP has been cracked |
| WPA2 | AES-CCMP | 128-bit AES encryption | 48-bit initialization vector increases security |

Wired Equivalent Privacy (WEP) is the oldest protocol, and can easily be cracked in seconds. It should only be used when necessary for backwards compatibility. RC4 is a stream cipher, and therefore shouldn’t be used with repeated keys. WEP typically concatenates a 40-bit key with a 24-bit initialization vector to create the RC4 key. However, the 24-bit initialization vector is short enough that there is a 50% chance of repeats after 5,000 packets. This is why WEP can be cracked so quickly.
Wi-Fi Protected Access (WPA) uses the Temporal Key Integrity Protocol (TKIP) and partially implements the IEEE 802.11i standard. TKIP itself was deprecated in the 2012 IEEE 802.11 standard. TKIP is essentially a 128-bit wrapper around WEP. It was meant to be a more secure replacement for WEP that, by staying backwards compatible, wouldn’t require replacing legacy hardware.
Wi-Fi Protected Access 2 (WPA2) fully implements 802.11i, and uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) along with 128-bit Advanced Encryption Standard (AES) encryption. Unlike WEP and WPA, WPA2 networks provide unique encryption keys for all wireless clients. WPA2 is currently the most secure choice, although there are vulnerabilities to be aware of. This is one reason it is important to update and patch systems as soon as possible.