# WPA Vs. WPA2

WPA and WPA2 are two prime security standards implemented on most Wi-Fi networks. In this article, a comparison between the two is presented, to help you decide which one to go for, when setting up your network. As you will find out, the best choice is WPA2.

Omkar Phatak

Unbreakable

Even with 1 million dollars' worth of processors, it would take 2.2 × 10^17 years to break WPA2's 128-bit AES (Advanced Encryption Standard) by brute force.

*hackable*. Ergo, the WPA2 standard was developed, which is now known to be almost impregnable to brute force attacks.

## Difference Between WPA and WPA2

| Specs | WPA | WPA2 (802.11i) |
| --- | --- | --- |
| Encryption Algorithm | RC4 + Temporal Key Integrity Protocol (TKIP) | Advanced Encryption Standard (AES) |
| Type | Stream Cipher | Block Cipher |
| Maximum Key Size | 128 Bit | 256 Bit |

All data packets are encrypted with encryption keys at the transmitting end and decrypted at the receiving end. The encryption keys consist of a secret key and an 'Initialization Vector (IV)'. The longer the encryption key's bit length, the more possible permutations and combinations there are, and the stronger the encryption method. Constantly changing the encryption keys makes it harder for hackers to crack wireless networks. Let us see how WPA and WPA2 stack up against each other.

## Encryption

Every WPA key includes a 48-bit IV, which creates 500 trillion combinations and makes for stronger encryption than WEP. With so many combinations, encryption key reuse is less likely, and therefore the encryption can endure hacking attacks better than WEP. WPA does not make direct use of the master encryption keys and has a message integrity checking facility.

WPA uses the TKIP (Temporal Key Integrity Protocol) to create encryption keys from passphrases supplied by the administrator, coupled with SSID (service set identifier) codes of wireless networks. For every data packet, 280 trillion possible keys can be generated using TKIP. However, as smart as hackers are, even WPA was found to be vulnerable to hacking. Security researchers Erik Tews and Martin Beck described their successful hacking of WPA technology in an article at WiSec 2009, using what is now known as a chopchop attack.

To solve the problem, WPA2 was introduced, which uses the AES (Advanced Encryption Standard) algorithm to encrypt data. The most fundamental difference between WPA and WPA2 lies in the encryption algorithm used to encode data. The AES algorithm is superior to the one used by WPA. It is advertised to be theoretically uncrackable due to the greater degree of randomness in the encryption keys that it generates. One of the reasons is that it is a block cipher, which encrypts an entire block of text at once, unlike WPA's stream cipher, which encodes one character at a time. Moreover, it is a kind of 'shape-shifting' algorithm, technically known as a 'substitution-permutation network'. It uses encryption keys of different sizes (128, 192 and 256 bits) iteratively, in a varying number of rounds (9, 11 and 13 rounds respectively). Encryption bits are substituted and rearranged, and mathematical operations like multiplications are performed to further randomize the process. All this makes WPA2 the hardest cipher to crack.

## Speed & Performance Comparison

WPA2 requires greater processing power compared to WPA, and it can slow down a network slightly on hardware that is not in sync with WPA2. So if you are using old wireless routers with firmware upgrades, chances are that WPA2 might slow down the network under heavy usage. If you have new wireless network hardware that is built to be compatible with WPA2, slowdowns will be negligible. The wireless network speed is more dependent on the bandwidth you have purchased. Performance-wise, WPA2 is far stronger than WPA due to the inherently superior encryption algorithm. WPA2 wins hands down in terms of performance and is the recommended choice if you are setting up a new wireless network. Interestingly, the time required to break the AES algorithm with a 192-bit encryption key length, using 1 million dollars' worth of computer chips, is 10^36 years.
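To check that an access point actually follows the WPA2 recommendation, its configuration can be audited for WPA version 1 and TKIP. This is an added example, not part of the original article: it assumes a hostapd-style configuration file (the `wpa`, `wpa_pairwise` and `rsn_pairwise` options), and the three sample configurations are constructed.

```python
# Constructed hostapd-style configs for illustration (not from the article).
WPA1_ONLY = "ssid=legacy\nwpa=1\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP\n"
MIXED = "ssid=mixed\nwpa=3\nwpa_pairwise=TKIP CCMP\nrsn_pairwise=CCMP\n"
WPA2_ONLY = "ssid=office\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"

def parse(text):
    """Read key=value lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def audit(text):
    """Return a list of findings; an empty list means WPA2 with AES (CCMP) only."""
    opts = parse(text)
    try:
        wpa = int(opts.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    except ValueError:
        return ["wpa= is not a number"]
    findings = []
    if wpa == 0:
        findings.append("neither WPA nor WPA2 is enabled")
    if wpa & 1:
        findings.append("WPA (version 1) is enabled; set wpa=2 for WPA2 only")
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in opts.get(key, "").split():
            findings.append(f"{key} allows TKIP; use CCMP (AES)")
    if wpa & 2 and "rsn_pairwise" not in opts:
        findings.append("rsn_pairwise is not set explicitly; pin it to CCMP")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WPA1_ONLY", WPA1_ONLY), ("MIXED", MIXED), ("WPA2_ONLY", WPA2_ONLY)):
        print(name, audit(cfg) or "ok")
```

Mixed mode (`wpa=3`) is flagged as well, because clients that negotiate WPA with TKIP still get the weaker protection the article describes.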