WPA Encryption Explained


Recommended Posts

When you have a wireless network, it is your responsibility to make it as difficult as possible for someone else to gain access to it. After all, if someone does get in they can find out what your surfing, gain access to your computers and mess with router settings...or just use your internet connection.

Disabling SSID broadcasting and using MAC filtering is great, but can't stop someone from sniffing your traffic. WEP encryption provies a basic level of encryption, but can be cracked in under 10min.

So if you want a secure wireless network, there isn't a way around it, you need to use WPA.

Requirements

You need hardware and/or firmware/drivers that allow the use of WPA. Every wireless-G hardware out there has some form of WPA on it, but a firmware or driver update can get WPA on your older wireless-b equipment as well. Hardware that has been sold before 2003 generally need to be replaced.

Different Types

WPA Radius Authentication - Your typical home user wont use this, unless you want to setup a radius server. This server works with WPA to pass different keys to each user. I'm not going to go into how to set this up.

WPA PSK - PSK stands for Pre-Shared Key and is most commonly used by home users. The user must have a certain password to enter the network. PSK can be used with either AES or TKIP, depending on what your hardware can support. It is important that you choose a strong password to prevent against dictionary attacks.

AES - An algorithm that requires special hardware support to use. It is stronger, but a firmware/driver update won't get you AES.

TKIP - This system changes the key every specified amount of time to prevent cracking attempts. You can usually adjust how often it changes in the router/AP settings. This does not mean it changes your password, just the key.

WPA2 - The new WPA standard that uses a stronger algorithm, but is not backwards compatable with older hardware.

Making sure you got the software

Being that WinXP is the only OS that officially supports WPA2, you need to rely on 3rd party vendors for support, which is usually delivered.

Most of the time, when you install a driver for the wireless card, a special WPA driver will be installed with it. You can see it by going into the network/dialup connections in the control panel and looking at the properties of the card. It might be called something like "AEGIS WPA Protocol" or "WPA Security Protocol". Note that you cannot install updates to these protocols seperately from the drivers, your card requires specific WPA protocols to work.

post-38325-1117752184.jpg

Your router should have options for WPA in it's settings. If it does not, a firmware update could allow WPA to be enabled. Check the router's webpage to see if there is one.

If you do get a firmware update that enables WPA, I highly recommend that you restore your router's settings to factory default after upgrading the firmware. If I had known to do that I woulda saved myself a lot of trouble. :pinch:

Setting it up

First connect to the router with a patch cable rather than wirelessly. Setting up the router is easier that way. Login the router, go to the wireless security part. WPA-PSK is the type of encryption you want to use. After selecting PSK, you might get an option to either use AES or TKIP. If you had to upgrade any software to get WPA, then you probably have to use TKIP since AES requires hardware that natively supports WPA. After the selections have been made, you must choose a passphrase. Try to have it in the range of 10 to 25 characters. Once the passphrase is set, enter the same information in the wireless network card and you should be set.

post-38325-1117752250_thumb.jpg

Troubleshooting...

If WPA wont work:

1) Make sure that you have all the types and the passphrases matched exactly.

2) Try turning off/on the router or restarting.

3) If you are using the wireless config utility that comes with WinXP, try using the one that came with the card instead. You can set it by going into the properties of the network connection and unchecking "use windows to configure my wireless settings"

post-38325-1117752267.jpg

4) Sometimes using obscure characters like ąĈ??? can work against you in the passphrase.

5) If signal strength is lower than 9dB, then the connection is flaky with WPA.

6) Check to make sure the router is on fire. Fires usually interfere with the router's function.

7) If there are other wireless networks on the same channel in your area, change the channel to some different value.

8) Avoid generic drivers and firmware.

Link to comment
https://www.neowin.net/forum/topic/327471-wpa-encryption-explained/
Share on other sites

  Relativity_17 said:
Is there any software available for Windows that can tell whether you've successfully disabled SSID broadcasting on your router?

586007665[/snapback]

No, that requires the wireless utility that comes with your wireless card. All utilties come with a thing that views available wireless networks. Good adapters can show all the wireless networks in the area, if they have encryption, their signal strengh and their network name (or lack thereof). I think you can trust that SSID broadcasting is disabled and as long as you didn't leave it at "netgear" or "linksys", you're fine.

Considering that 3 of my neighbours have unencrypted networks, I'm not all too worried about someone getting into my network. The computers themselves are only open to each other, since their IPs are statically assigned from the router.

I'll look into it later on during the summer though... just for kicks.

Just a quick tip if your card does not support WPA look for the chipset that the card is and look on the internet for a company (like Dlink or Netgear) that uses the same chipset that does support WPA in there driver, install there driver over your card and you now have all there features.

My card an Asus 802.11G with only WEP 128bit encryption is convinced its a D-Link card and I now have WPA WPA-PSK WEP and so on.

  WinMacLin said:
Just a quick tip if your card does not support WPA look for the chipset that the card is and look on the internet for a company (like Dlink or Netgear) that uses the same chipset that does support WPA in there driver, install there driver over your card and you now have all there features.

My card an Asus 802.11G with only WEP 128bit encryption is convinced its a D-Link card and I now have WPA WPA-PSK WEP and so on.

586030693[/snapback]

Indeed :) Here's a link that might be useful to some. i.e. Toshiba Wireless LAN Adapter users can simply download the latest Agere driver.

  • 2 weeks later...
  kaffra said:
nice guide, i just got my netgear wireless router today. So wpa is better to have then wep?

586081494[/snapback]

Tons better. Wep can be cracked in like 15min tops. WPA is a lot stronger so long as you have a good password.

  Quote
Does the user have to always key in a password to access the network(if wpa is used?)

No.

Thanks for this guide, but I was wondering if you knew anything about steps to fix another (seemingly common) problem.

I recently set up a home wireless network in my fiance's parents' house, and set up with WPA-PSK. The router was a Linksys, I can't recall the exact model off the top of my head, but it was 802.11b only. (The notebook is capable of G, but for their purposes, that isn't really necessary, and the B router was $5 after rebate at Best Buy.)

The notebook is a Toshiba Satellite (don't remember the model either, sorry) with integrated B/G wireless, and was purchased in July of 2004. The notebook has successfully logged onto other WPA-PSK networks without having this problem. (There is a small coffee house with wi-fi that uses PSK we have connected in)

Logging in itself isn't the problem, however, every so often (probably when the key is reset), the connection is dropped, and we have to manually reconnect. Right now, the network is set to WEP, but they would really prefer to have WPA, and we cannot figure out how to correct this issue.

Just wondered if anyone had any ideas of how to start troubleshooting this, thanks!

Edit: Used TKIP when setting up

Edited by marshallbanana
  marshallbanana said:
Logging in itself isn't the problem, however, every so often (probably when the key is reset), the connection is dropped, and we have to manually reconnect. Right now, the network is set to WEP, but they would really prefer to have WPA, and we cannot figure out how to correct this issue.

586093189[/snapback]

Well your in luck because I had just about the exact same problem, with almost the same hardware (linksys router + toshiba satellite). After upgrading the firmware of the router itself, I switched to WPA, but the connection keeped dropping. I found out, after much difficulty, that it was caused by the router switching between WPA and WEP. Resetting the router settings fixed the problem. Hopefully it will fix it for you as well.

Well, WPA-PSK was available on the router without a firmware update, so I haven't done so. Would it be a good idea to try this first?

I'm not sure that resetting the router settings will do much, since the only settings changed out of the box were those concerning the SSID and setting up the encryption. I suppose it's worth a try :D

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Zen Browser 1.13b by Razvan Serea Zen Browser is a privacy-focused, open-source web browser built on Mozilla Firefox, offering users a secure and customizable browsing experience. It emphasizes privacy by blocking trackers, ads, and ensuring your data isn't collected. With Zen Mods, users can enhance their browser experience with various customization options, including features like split views and vertical tabs. The browser is designed for efficiency, providing fast browsing speeds and a lightweight interface. Zen Browser prioritizes user control over the browsing experience, offering a minimal yet powerful alternative to traditional web browsers while keeping your online activity private. Zen Browser’s DRM limitation Zen Browser currently lacks support for DRM-protected content, meaning streaming services like Netflix and HBO Max are inaccessible. This is due to the absence of a Widevine license, which requires significant costs and is financially unfeasible for the developer. Additionally, applying for this license would require Zen to be part of a larger company, similar to Mozilla or Brave. Therefore, DRM-protected media won't be supported in Zen Browser for the foreseeable future. Zen Browser offers features that improve user experience, privacy, and customization: Privacy-Focused: Blocks trackers and minimizes data collection. Automatic Updates: Keeps the browser updated with security patches. Zen Mods: Customizable themes and layouts. Workspaces: Organize tabs into different workspaces. Compact Mode: Maximizes screen space by minimizing UI elements. Zen Glance: Quick website previews. Split Views: View multiple tabs in the same window. Sidebar: Access bookmarks and tools quickly. Vertical Tabs: Manage tabs vertically. Container Tabs: Separate browsing sessions. Fast Profile Switcher: Switch between profiles easily. Tab Folders: Organize tabs into folders. Customizable UI: Personalize browser interface. Security Features: Inherits Firefox’s robust security. Fast Performance: Lightweight and optimized for speed. Zen Mods Customization: Deep customization with mods. Quick Access: Easy access to favorite websites. Open Source: Built on Mozilla Firefox with community collaboration. Community-Driven: Active development and feedback from users. GitHub Repository: Contribute and review the source code. Zen Browser 1.13b changes: New Features There's a new way to manage spaces, which brings a more intuitive and user-friendly experience Updated to firefox 139.0.4 Added support for Google safebrowsing for better security Collapsed toolbarr gets a slight UI redesign Fixes Fixed issues related to glance and split view Fixed performance issues and high GPU usage for some users Other small fixes and improvements Breaking Changes Customizable UI buttons at the bottom has been reset to a new default state Download: Zen Browser | 73.6 MB (Open Source) Download: Zen Browser ARM64 | Other Operating Systems View: Zen Browser Home Page | Screenshots 1 | 2 | Reddit Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • It is fundamentally impossible to secure delete files, especially on newer HDDs and all SSDs. You never know how the controller firmware is going to layout data or copy data around to optimize access or invoke wear leveling. The only way to securely “delete” something is to put it on an encrypted file system and forget the encryption key, assuming any apps you open the files in don’t copy the files to a local cache on the boot volumes.
    • TBF, it has had PST support for quite a while now. But I still want them to add the ability to drag & drop between accounts / PSTs.
    • LibreOffice closes in on Microsoft Office, leaves Windows 7/8 behind in 25.8 Beta 1 by David Uzondu The Document Foundation has released LibreOffice 25.8 Beta 1 for public testing on Linux, macOS, and Windows. This is the second pre-release for the 25.8 cycle and the foundation says that the final, stable version of LibreOffice 25.8 is expected to land at the end of August 2025. Starting off with Writer, LibreOffice's Word, the developers have finally addressed some long-standing annoyances, including a new command to easily insert a paragraph break right before a table. This beta also introduces a useful privacy feature in its Auto-Redact tool, letting you strip all images from a document with a single option. To use it, go to Tools and select the Auto-Redact option: The application has improved its ability to handle different languages for punctuation, preventing mix-ups in multilingual documents. Other notable improvements have also been made. A new hyphenation rule lets you choose to prevent a word from splitting at the end of a page, moving the whole line to the next page instead. Microsoft Word has had this feature for years now. The Navigator now displays a handy tooltip with word and character counts for headings and their sub-outlines. Scrolling behavior when selecting text has been improved, making it less erratic. A new command with a keyboard shortcut was added for converting fields into plain text. Calc gets a lot of new functions that bring it closer to its competitors like Excel, including TEXTSPLIT, VSTACK, and WRAPROWS. Impress now properly supports embedded fonts in PPTX files, which should reduce headaches when sharing presentations with PowerPoint users. Alongside these additions, the project is also cleaning house; support for Windows 7, 8, and 8.1 has been completely dropped. There are also smaller UI tweaks across the suite, like allowing a single click to enter rotation mode for objects in Writer and Calc. macOS users get better integration, with proper support for native full screen mode and new window management features from the Sequoia update. In terms of performance, the team has optimized everything from loading huge DOC files and XLSX spreadsheets with tons of conditional formatting to simply switching between sheets in Calc. These improvements should be noticeable, especially when working with complex documents. A new application-wide "Viewer mode" has also been implemented, which opens all files in a read-only state for quick, safe viewing. On a related note, The Document Foundation has joined efforts by the likes of KDE to encourage Windows 10 users to switch to Linux. Also, you might have heard that Denmark, in a bid to lessen its reliance on Microsoft, has decided to make a full switch to LibreOffice, with plans to begin phasing out Office 365 in certain ministries as early as next month. If you're interested in this release, you can read the full release notes and download the binaries for your platform: Windows, macOS (Intel | Apple Silicon), or Linux (DEB | RPM). You can also get the latest stable version from our software stories page.
  • Recent Achievements

    • Week One Done
      julien02 earned a badge
      Week One Done
    • One Year In
      Drewidian1 earned a badge
      One Year In
    • Explorer
      Case_f went up a rank
      Explorer
    • Conversation Starter
      Jamie Smith earned a badge
      Conversation Starter
    • First Post
      NeoToad777 earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      544
    2. 2
      ATLien_0
      227
    3. 3
      +FloatingFatMan
      160
    4. 4
      Michael Scrip
      113
    5. 5
      +Edouard
      104
  • Tell a friend

    Love Neowin? Tell a friend!