WPA Encryption Explained



When you have a wireless network, it is your responsibility to make it as difficult as possible for someone else to gain access to it. After all, if someone does get in they can find out what you're surfing, gain access to your computers and mess with router settings...or just use your internet connection.

Disabling SSID broadcasting and using MAC filtering is great, but can't stop someone from sniffing your traffic. WEP encryption provides a basic level of encryption, but can be cracked in under 10min.

So if you want a secure wireless network, there isn't a way around it, you need to use WPA.

Requirements

You need hardware and/or firmware/drivers that allow the use of WPA. Every wireless-G hardware out there has some form of WPA on it, but a firmware or driver update can get WPA on your older wireless-b equipment as well. Hardware that has been sold before 2003 generally needs to be replaced.

Different Types

WPA RADIUS Authentication - Your typical home user won't use this, unless you want to set up a RADIUS server. This server works with WPA to pass different keys to each user. I'm not going to go into how to set this up.

WPA PSK - PSK stands for Pre-Shared Key and is most commonly used by home users. The user must have a certain password to enter the network. PSK can be used with either AES or TKIP, depending on what your hardware can support. It is important that you choose a strong password to prevent against dictionary attacks.

AES - An algorithm that requires special hardware support to use. It is stronger, but a firmware/driver update won't get you AES.

TKIP - This system changes the key every specified amount of time to prevent cracking attempts. You can usually adjust how often it changes in the router/AP settings. This does not mean it changes your password, just the key.

WPA2 - The new WPA standard that uses a stronger algorithm, but is not backwards compatible with older hardware.

Making sure you got the software

Being that WinXP is the only OS that officially supports WPA2, you need to rely on 3rd party vendors for support, which is usually delivered.

Most of the time, when you install a driver for the wireless card, a special WPA driver will be installed with it. You can see it by going into the network/dialup connections in the control panel and looking at the properties of the card. It might be called something like "AEGIS WPA Protocol" or "WPA Security Protocol". Note that you cannot install updates to these protocols separately from the drivers; your card requires specific WPA protocols to work.

Your router should have options for WPA in its settings. If it does not, a firmware update could allow WPA to be enabled. Check the router's webpage to see if there is one.

If you do get a firmware update that enables WPA, I highly recommend that you restore your router's settings to factory default after upgrading the firmware. If I had known to do that I woulda saved myself a lot of trouble. :pinch:

Setting it up

First connect to the router with a patch cable rather than wirelessly. Setting up the router is easier that way. Log in to the router and go to the wireless security part. WPA-PSK is the type of encryption you want to use. After selecting PSK, you might get an option to either use AES or TKIP. If you had to upgrade any software to get WPA, then you probably have to use TKIP since AES requires hardware that natively supports WPA. After the selections have been made, you must choose a passphrase. Try to have it in the range of 10 to 25 characters. Once the passphrase is set, enter the same information in the wireless network card and you should be set.

Troubleshooting...

If WPA won't work:

1) Make sure that you have all the types and the passphrases matched exactly.

2) Try turning off/on the router or restarting.

3) If you are using the wireless config utility that comes with WinXP, try using the one that came with the card instead. You can set it by going into the properties of the network connection and unchecking "use windows to configure my wireless settings".

4) Sometimes using obscure characters like ąĈ??? can work against you in the passphrase.

5) If signal strength is lower than 9dB, then the connection is flaky with WPA.

6) Check to make sure the router is on fire. Fires usually interfere with the router's function.

7) If there are other wireless networks on the same channel in your area, change the channel to some different value.

8) Avoid generic drivers and firmware.

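An added example, not part of the original post: a Python check of a WPA-PSK passphrase and SSID before they are typed into the router, which also shows why the network name matters. It relies on the IEEE 802.11i passphrase rules (8 to 63 printable ASCII characters, key derived with PBKDF2-HMAC-SHA1 using the SSID as salt); the 10-character floor is the guide's own recommendation, and the `DEFAULT_SSIDS` sample and function names are assumptions made for the illustration.

```python
import hashlib

# Assumption: a small sample of factory-default network names, not a complete list.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def spec_errors(passphrase: str) -> list:
    """Hard rules from 802.11i: 8-63 characters, each printable ASCII (32-126)."""
    errors = []
    bad = sorted({c for c in passphrase if not 32 <= ord(c) <= 126})
    if bad:
        errors.append("characters outside printable ASCII: " + " ".join(bad))
    if not 8 <= len(passphrase) <= 63:
        errors.append("length must be 8 to 63 characters")
    return errors


def audit(passphrase: str, ssid: str) -> list:
    """Spec violations plus the advisory points raised in the guide."""
    findings = spec_errors(passphrase)
    if 8 <= len(passphrase) < 10:
        findings.append("shorter than the 10 characters the guide recommends")
    if ssid.lower() in DEFAULT_SSIDS:
        # The SSID is the salt, so a common name means a widely shared salt.
        findings.append("factory-default SSID: choose a unique network name")
    return findings


def derive_psk(passphrase: str, ssid: str) -> str:
    """256-bit pre-shared key as hex: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if spec_errors(passphrase):
        raise ValueError("passphrase is not valid for WPA-PSK")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )
    return key.hex()


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for phrase, name in [("correct horse battery", "home-7f3a"),
                         ("p\u00e4ssword12", "linksys")]:
        print(repr(phrase), repr(name), audit(phrase, name) or "ok")
    print(derive_psk("correct horse battery", "home-7f3a"))
```

The same passphrase under two different SSIDs yields two unrelated keys, which is why both the passphrase and the network name have to match exactly on the router and the card.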

  Relativity_17 said:
Is there any software available for Windows that can tell whether you've successfully disabled SSID broadcasting on your router?

No, that requires the wireless utility that comes with your wireless card. All utilities come with a thing that views available wireless networks. Good adapters can show all the wireless networks in the area, if they have encryption, their signal strength and their network name (or lack thereof). I think you can trust that SSID broadcasting is disabled and as long as you didn't leave it at "netgear" or "linksys", you're fine.

Considering that 3 of my neighbours have unencrypted networks, I'm not all too worried about someone getting into my network. The computers themselves are only open to each other, since their IPs are statically assigned from the router.

I'll look into it later on during the summer though... just for kicks.

Just a quick tip: if your card does not support WPA, look for the chipset that the card is and look on the internet for a company (like D-Link or Netgear) that uses the same chipset that does support WPA in their driver. Install their driver over your card and you now have all their features.

My card, an Asus 802.11G with only WEP 128bit encryption, is convinced it's a D-Link card and I now have WPA, WPA-PSK, WEP and so on.

  WinMacLin said:
Just a quick tip: if your card does not support WPA, look for the chipset that the card is and look on the internet for a company (like D-Link or Netgear) that uses the same chipset that does support WPA in their driver. Install their driver over your card and you now have all their features.

My card, an Asus 802.11G with only WEP 128bit encryption, is convinced it's a D-Link card and I now have WPA, WPA-PSK, WEP and so on.

Indeed :) Here's a link that might be useful to some, i.e. Toshiba Wireless LAN Adapter users can simply download the latest Agere driver.

  • 2 weeks later...
  kaffra said:
Nice guide, I just got my Netgear wireless router today. So WPA is better to have than WEP?

Tons better. WEP can be cracked in like 15min tops. WPA is a lot stronger so long as you have a good password.

  Quote
Does the user have to always key in a password to access the network(if wpa is used?)

No.

Thanks for this guide, but I was wondering if you knew anything about steps to fix another (seemingly common) problem.

I recently set up a home wireless network in my fiance's parents' house, and set up with WPA-PSK. The router was a Linksys, I can't recall the exact model off the top of my head, but it was 802.11b only. (The notebook is capable of G, but for their purposes, that isn't really necessary, and the B router was $5 after rebate at Best Buy.)

The notebook is a Toshiba Satellite (don't remember the model either, sorry) with integrated B/G wireless, and was purchased in July of 2004. The notebook has successfully logged onto other WPA-PSK networks without having this problem. (There is a small coffee house with wi-fi that uses PSK we have connected in)

Logging in itself isn't the problem, however, every so often (probably when the key is reset), the connection is dropped, and we have to manually reconnect. Right now, the network is set to WEP, but they would really prefer to have WPA, and we cannot figure out how to correct this issue.

Just wondered if anyone had any ideas of how to start troubleshooting this, thanks!

Edit: Used TKIP when setting up

Edited by marshallbanana
  marshallbanana said:
Logging in itself isn't the problem, however, every so often (probably when the key is reset), the connection is dropped, and we have to manually reconnect. Right now, the network is set to WEP, but they would really prefer to have WPA, and we cannot figure out how to correct this issue.

Well, you're in luck because I had just about the exact same problem, with almost the same hardware (Linksys router + Toshiba Satellite). After upgrading the firmware of the router itself, I switched to WPA, but the connection kept dropping. I found out, after much difficulty, that it was caused by the router switching between WPA and WEP. Resetting the router settings fixed the problem. Hopefully it will fix it for you as well.

Well, WPA-PSK was available on the router without a firmware update, so I haven't done so. Would it be a good idea to try this first?

I'm not sure that resetting the router settings will do much, since the only settings changed out of the box were those concerning the SSID and setting up the encryption. I suppose it's worth a try :D

This topic is now closed to further replies.