Wireless network card encryption method WEP WPA/WPA2 Introduction

Source: Internet
Author: User

Configuration options for common wireless hotspots:
Wireless Name
The wireless (Wi-Fi) name of the router.
Wireless password
Wireless encryption using WPA2-PSK/WPA-PSK encryption method, AES encryption algorithm, wireless password is 8-63 characters, preferably a combination of numbers, letters, symbols.
Channel
Wireless data signal transmission channels, it is recommended to keep the default automatic, the router will automatically according to the surrounding wireless environment to choose the best channel.
Mode
The wireless mode in which the router works.
Band Bandwidth
The band width of the wireless data transmitted by the router.
Signal strength
The signal strength of different grades can be selected according to the actual use.
Turn on AP Quarantine
Each wireless device connected to the router can be safely isolated after it is turned on.


Encryption Method:
1. WEP (Wired equivalent Privacy, Wired equivalent secrecy). From the name alone, WEP appears to be a secure cryptographic protocol for wired networks, which is not the case. The WEP standard was created early in the wireless network, which is the necessary security layer for wireless LAN WLANs. Currently, 64-bit WEP encryption and 128-bit WEP encryption are common.
WEP security technology is derived from RSA Data encryption technology named RC4, where data transmitted over a wireless network is encrypted using a randomly generated key. But the algorithm that WEP uses to generate these keys is quickly discovered to be predictable, and for intruders, they can easily intercept and crack these keys, making the user's wireless security form a fake. Therefore, Windows 7 does not support setting up the network automatically using WEP shared key authentication. If your wireless network card (or operating system version) is older, you can only support WEP encryption. Windows XP SP2 does not support WPA2 encryption, you need to install Windows XP update KB893357 (1.18M, Simplified Chinese), or upgrade the system to SP3.
Because of the low security of WEP, the IEEE 802.11 organization began to develop a new security standard, the 802.11i protocol. However, since the new standard from the development to the release of a long period of time, and users will not just for the security of the network to abandon the original wireless equipment, so the wireless industry Alliance before the new standard launch, but also on the basis of the 802.11i draft WPA (Wi-Fi procted Access) Wireless encryption protocol.
WPA uses TKIP (temporal key Integrity Protocol, Temporal Key Integrity Protocol), and its encryption algorithm is still the RC4 encryption algorithm used in WEP, so there is no need to modify the original wireless device hardware. WPA is designed to improve the security of wireless networks through software upgrades, such as the lack of an IV, the simplicity of key management, the absence of effective protection for message integrity, and other issues that exist with WEP.

2. WPA provides users with a complete authentication mechanism, ap/no line by the user's authentication results to determine whether to allow access to the wireless network, after successful authentication can be based on a variety of ways (the number of packets transmitted, the user access to the network time, etc.) to dynamically change the encryption key of each access user. In addition, it will encode the data packets in the wireless transmission to ensure that user data is not changed by other users. As a subset of the 802.11i standard, the core of WPA is ieee802.1x and TKIP.
In view of the different user groups and different application security needs, WPA employs two application modes, Enterprise mode and family mode. According to different application patterns, WPA certification is divided into two different ways, for large enterprise users, "802.1x+ EAP" encryption method is the best choice, it is very good security, the user must provide the credentials required for authentication to achieve the connection.

For some small and medium-sized enterprise networks or home users, the "WPA preshared key (WPA-PSK)" mode is more suitable, it does not require a dedicated authentication server, only requires that each WLAN node (AP, wireless router, network card, etc.) pre-enter a key. It is important to note that this key is used only for the authentication process, not the encryption used to transmit the data. The key of data encryption is generated dynamically after successful authentication, the system will guarantee "one household one secret", there is no case that the whole network share one encryption key like WEP, so the security of wireless network is much higher than WEP.

Although WPA (TKIP) encryption technology was also cracked in 08, its cracking process is very complex, not a common hacker can achieve. So if you have no line and wireless network card support WPA encryption, then do not hesitate to choose this encryption method, because it is your best choice at this stage, but also to help you easily away from the "mesh" trouble.
As mentioned earlier, as the full IEEE 802.11i standard launches for some time, and WiFi Alliance to enable new security standards as soon as possible to the deployment of the wireless network to eliminate the security concerns of users, so that the wireless network market can quickly expand, Therefore, WPA was developed with the completion of TKIP's draft IEEE 802.11i Third Edition (IEEE 802.11i draft 3) as a benchmark. When the IEEE completed and published the IEEE 802.11i Wireless LAN Security Standard, the Wi-Fi Consortium released the WPA version 2nd--WPA2. WPA2 supports AES (Advanced encryption algorithm) for higher security, but unlike WPA, WPA2 requires new hardware to support it.

3. WPA2 is the authentication form of the Wi-Fi Alliance verified IEEE 802.11i Standard, WPA2 implements the mandatory elements of 802.11i, in particular, the Michael algorithm is generally accepted completely secure CCMP (counter mode cipher block chain message Complete code protocol) message authentication code replaced, The RC4 encryption algorithm is also replaced by AES.

In WPA/WPA2, the generation of PTK is dependent on the PMK, and the PMK way there are two, one is the PSK mode, that is, the pre-shared key mode (pre-shared Key,psk, also known as personal mode), in this way PMK=PSK The other way, the authentication server and the site are required to negotiate to generate the PMK. Let's look at the difference between WPA and WPA2 by formula:

WPA = IEEE 802.11i Draft 3 = IEEE 802.1x/eap + WEP (optional project)/tkip

WPA2 = IEEE 802.11i = IEEE 802.1x/eap + WEP (optional project)/tkip/ccmp

At present, WPA2 encryption is very good security, as long as your wireless devices support WPA2 encryption, you will experience the most secure wireless network life. Even the hottest "rub network card" is still difficult to rub into your wireless network, users can rest assured that the use.

and a stronger encryption mode.

Perhaps some users have noticed that there is a WPA-PSK (TKIP) +WPA2-PSK (AES) option in the wireless network encryption mode without a line, is it stronger than the WPA2 encryption method? The answer is yes, this is really the strongest wireless encryption method, but because of the compatibility of this encryption mode problem, after the setup is difficult to connect normally, so it is not recommended for ordinary users to choose this encryption method.

Summary: Please encrypt your wireless network

Through the above introduction, I believe you have a wireless network of three encryption methods WEP, WPA, WPA2 have a more comprehensive understanding. For ordinary wireless users, we recommend you choose Wpa-psk (TKIP) and WPA2-PSK (AES) encryption, they can maximize the security of your wireless network, is the best choice at this stage, but if your wireless card does not support WPA/WPA2 encryption, Then 128-bit WEP encryption will be your bottom line, in order not to make your wireless network a "free public WiFi hotspot", please encrypt your wireless network.
Http://blog.sina.com.cn/s/blog_65affcec0101d5l1.html
Http://www.360doc.com/content/12/0216/22/26398_187210517.shtml
Http://www.enet.com.cn/article/2010/0927/A20100927740622.shtml

Wireless network card encryption method WEP WPA/WPA2 Introduction

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.