Confused by WEP, WPA, TKIP, AES & Other Wireless Security Acronyms?

Use Netsparker


I found an interesting article today which sums up most of the acryonyms involved in wireless networks and wireless security and explain them all in brief.

It may clear things up for some people who get overwhelmed by all the jargon, especially with the recent news hitting the mainstream about WPA being partially cracked.

Users have every right to be perplexed by wireless security standards. Faced by an alphabet soup of AES, RADIUS, WEP, WPA, TKIP, EAP, LEAP and 802.1x, many users don’t secure their wireless networks at all. Now that earlier wireless security standards such as Wi-Fi Protected Access and Wired Equivalent Privacy are being cracked, it’s time to examine what all the terms mean and think about changes.

Just about a month ago, in early November, the news came out that the first cracks were appearing in WPA, or Wi-Fi Protected Access, a very popular wireless security standard. The compromise that was accomplished by some researchers was not a real killer, but the affected version of WPA (and the associated encryption process, TKIP, or Temporal Key Integrity Protocol), was always meant as a stopgap standard.

So here you go, the acronyms, hope it’s useful to someone :)


  • WEP (Wired Equivalent Privacy)—The old, original, now discredited wireless security standard. Easily cracked.
  • WEP 40/128-bit key, WEP 128-bit Passphrase—See WEP. The user key for WEP is generally either 40- or 128-bit, and generally has to be supplied as a hexadecimal string.
  • WPA, WPA1—Wi-Fi Protected Access. The initial version of WPA, sometimes called WPA1, is essentially a brand name for TKIP. TKIP was chosen as an interim standard because it could be implemented on WEP hardware with just a firmware upgrade.
  • WPA2—The trade name for an implementation of the 802.11i standard, including AES and CCMP.
  • TKIP—Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
  • AES—Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
  • Dynamic WEP (802.1x)—When the WEP key/passphrase is entered by a key management service. WEP as such did not support dynamic keys until the advent of TKIP and CCMP.
  • EAP—Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently there are about 40 different methods implemented for EAP. See WPA Enterprise.
  • 802.1x, IEEE8021X—The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
  • LEAP, 802.1x EAP (Cisco LEAP)—(Lightweight Extensible Authentication Protocol) A proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS and frequent reauthentication.
  • WPA-PSK, WPA-Preshared Key—Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
  • RADIUS—Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
  • WPA Enterprise, WPA2 Enterprise—A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will interoperate (EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC & EAP-SIM)
  • WPA-Personal, WPA2-Personal—See Pre-Shared Key.
  • WPA2-Mixed—Support for both WPA1 and WPA2 on the same access point.
  • 802.11i—An IEEE standard specifying security mechanisms for 802.11 networks. 802.11i uses AES and includes improvements in key management, user authentication through 802.1X and data integrity of headers.
  • CCMP—Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol that uses AES.

Enjoy!

Source: eWeek

Posted in: Hacking News, Wireless Hacking

, , , , ,


Latest Posts:


dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.


3 Responses to Confused by WEP, WPA, TKIP, AES & Other Wireless Security Acronyms?

  1. Della Lowe December 5, 2008 at 6:24 pm #

    This is indeed interesting and useful. So many terms and so little time to look them all up on Wikipedia. Your readers may also find this archived Webinar from experts at AirTight useful for insights into this WPA crack.
    Is the latest wireless vulnerability just the tip (or TKIP) of the iceberg?
    http://www.airtightnetworks.com/home/news/events-and-webinars/webinar-tkip-vulnerability.html

  2. adam kay January 2, 2009 at 10:59 am #

    i am trying to connect my internet with my laptop and ipod touch but every time i try they both require WEP passcodes. wher do i find the WEP password?

  3. Math January 21, 2009 at 10:15 pm #

    Thanks for the great article!