WPA and WPA2 are two prime security standards implemented on most Wi-Fi networks. In this article, a comparison between the two is presented, to help you decide which one to go for, when setting up your network. As you will find out, the best choice is WPA2.
Even with 1 million dollar worth of processors, it would take 2.2 x 1017 years to break WPA2’S 128 bit AES (Advanced Encryption Standard ) by brute force.
A wireless network transmits signals over radio waves, bringing in a possibility or in most cases, a certainty of attempts being made to intercept signals and hack your network. To safeguard a network from such attacks, installation of a wireless security standard like WPA or WPA2 is imperative. These encryption technologies are built to protect the data transmitted on the network and can act as an effective bulwark against the nefarious schemes of hackers.
Since the beginning of wireless telegraphy and radio communication, the threat of data being intercepted and stolen for malicious purposes has always been a reality. To counter these threats, with the advent of wireless networking, encryption methods were developed to prevent data theft. Cryptology developed as a science to counter these hacking attempts made on wireless transmissions. Data encryption for information security is constantly evolving to meet the challenge posed by advanced hacking methods. To protect wireless networks, first the WEP (Wired Equivalent Privacy) technology was developed. It was a 40 bit encryption that used a RC4 stream cipher algorithm.
However, WEP proved to be inadequate and was easily hacked due to inherent flaws in the encryption methods. WPA (Wi-Fi Protected Access) was developed as an improvement over WEP for the IEEE 802.11i wireless network standard. It was indeed much more robust than WEP, but it was also demonstrated to be easily hackable. Ergo, the WPA2 standard was developed, which is now known to be almost impregnable to brute force attacks.
Difference Between WPA and WPA2
|Encryption Algorithm||RC4 + Temporal Key Integrity Protocol (TKIP)||Advanced Encryption Standard (AES)|
|Type||Stream Cipher||Block Cipher|
|Maximum Key Size||128 Bit||256 Bit|
All data packets are encrypted with the use of encryption keys at transmission and decrypted at receiving points. The encryption keys consist of a secret key and an ‘Initialization Vector (IV)’. Longer the encryption key’s bit length, more are the possible permutations and combinations, and stronger is the encryption method. Constant change in encryption keys makes it harder for hackers to crack wireless networks. Let us see how WPA and WPA2 stack up against each other.
Every WPA key includes a 48 bit IV key, which creates 500 trillion combinations and is a stronger encryption compared to WEP. With so many combinations, the possibility of the encryption key reuse is lesser and therefore the encryption can endure hacking attacks better than WEP. WPA does not make direct use of the master encryption keys and has a message integrity checking facility.
WPA uses the TKIP (Temporal Key Integrity Protocol) to create encryption keys from passphrases supplied by the administrator, coupled with SSID (service set identifier) codes of wireless networks. For every data packet, 280 trillion possible keys can be generated, using TKIP. However, as smart as hackers are, even WPA was found to be vulnerable to hacking. Security researchers Eric Tews and Martin Beck described their successful hacking of WPA technology in an article at WiSec 2009, using what is now known as a chopchop attack.
To solve the problem, WPA2 was introduced which used the AES (Advanced Encryption Standard) algorithm to encrypt data. The most fundamental difference between WPA and WPA2 lies in the encryption algorithm used to encode data. The AES algorithm is superior to the one used by WPA. It is advertised to be theoretically uncrackable due to the greater degree of randomness in encryption keys that it generates. One of the reasons being the fact that it is a block cipher, which encrypts an entire bunch of text at once, unlike WPA’s stream cipher that encodes one character at a time. Moreover, it is kind of a ‘shape-shifting’ algorithm, technically known as ‘substitution permutation network’. It uses encryption keys of different sizes (128, 192 and 256 bits) iteratively, in varying number of rounds (9, 11, 13 rounds respectively). Encryption bits are substituted, rearranged and mathematical operations like multiplications are performed to further randomize the process. All this makes WPA2 the most hardest cipher to crack.
Speed & Performance Comparison
WPA2 requires greater processing power compared to WPA and it can slow down a network slightly with hardware that is not in sync with WPA2. So if you are using old wireless routers, with firmware upgrades, chances are that WPA2 might slow down the network if it has heavy usage. If you have new wireless network hardware that is built to be compatible with WPA2, speed slowdowns will be very negligible. The wireless network speed is more dependent on the bandwidth you have purchased. Performance wise, WPA2 is far stronger than WPA due to the inherently superior encryption algorithm. WPA2 wins hands down in terms of performance and is the recommended choice if you are setting up a new wireless network. Interestingly, the time required to break the AES algorithm using 1 million dollar worth of computer chips with a 192 bit encryption key length is 1036 years.
WPA2 is the superior technology with a stronger encryption algorithm. If your wireless network lies in a high risk zone, it is best that you opt for the latest WPA2 encryption technology.