Talk:Wi-Fi Protected Access
Merging Wi-Fi Protected Access with IEEE 802.11i
Regarding merging the WPA page with the IEEE 802.11i, my vote (if any were taken) would be no.
WPA does not implement all the features of IEEE 802.11i (pre-authentication is not supported, for example).
Some of the features WPA implements are also different from 802.11i: the OUI used for the RSN information element, the information element ID used, and the group key not being provided as part of the initial 4-way handshake are examples of some of the differences between WPA/WPA2 and 802.11i.
There does not appear to be an overlap between the WPA and 802.11i pages. The WPA page discusses Wi-Fi security from the user/admin point of view (i.e., what EAP types to use) while the 802.11i page discusses Wi-Fi security from the technical point of view (4/2-way handshakes, algorithms implemented).
As I see it, users and Wi-Fi administrators would rather read the WPA page while network engineers would rather read the 802.11i page.
So, let's keep the information separate.
Regards, Kam-Yung 2005-11-07
- I agree that the WPA and IEEE 802.11i pages should not be merged. WPA and 802.11i are not one and the same and there currently is not much overlap between the pages.
- my say is no. 59.93.130.205 15:54, 12 November 2005 (UTC)
- I concur that these are two distinct items: WPA/WPA2 are certified, market-driven implementations; 802.11i is a distinct standard that was ratified and exists as a document. I vote no. Glenn Fleishman 1 December 2005
- I agree that we shouldn't merge. — Matt Crypto 11:33, 2 December 2005 (UTC)
Attacks on WPA
I'd like to query this:
- However, it is not perfect; attacks remain feasible against RC4, even with large key and IV sizes.
What feasible attacks exist for RC4 as used in WPA? I've found a discussion of weak passphrase choice, but that's not really the protocol's fault per se: [1]. — Matt 23:43, 10 Nov 2004 (UTC)
WPA or WPA2?
I'm a little bit confused by this passage in the article: "The Wi-Fi Alliance have announced that they will use the term WPA2 to refer to the full IEEE 802.11i standard". Why didn't they just call it WPA instead of going for the additional number? What's the difference between the two? I'm guessing that there are now 3 things: WEP, WPA and WPA2, right? Could anybody maybe clarify this? Thanks :-) --Andy
- I think there are three things. This is my understanding (which could well be flawed): First there was WEP which was found to be very flawed. While working on a new standard, the industry introduced WPA as an intermediate solution to fix the flaws in WEP; WPA implements a subset of the new standard. Eventually, the new standard (IEEE 802.11i) was released, and I believe the Wi-Fi Alliance call this by the alternative name "WEP2" [struck] "WPA2" (for whatever reason). At least, that's the understanding I ended up with the last time I did some reading on this topic! — Matt Crypto 01:22, 25 Feb 2005 (UTC)
- Matt, you mean "WPA2", not "WEP2", right? The main difference between WPA and WPA2 is that the use of AES in WPA2 is a MUST (cf. also Q&A document on [2]). WPA was a snapshot of the development of the IEEE 802.11i standard at that time, since there was a need for immediate "fixing" of the WEP/RC4 protocol weaknesses (can't quote sources for that, aside from my professor's script, sorry). WPA2 is not introduced to fix problems of WPA, though, but rather is the equivalent to 802.11i, according to the same Q&A document.
- Since AES is more resource intensive, a lot of equipment can probably not be upgraded by software only. Ub 18:27, 12 Mar 2005 (UTC)
- Oops, yes, WPA2, not WEP2 ;-) Darned TLAs (see also WAP...) — Matt Crypto 08:57, 13 Mar 2005 (UTC)
- WPA was designed to work with existing WiFi cards (though not all existing base stations). Apple has been able to get WPA working on its original Airport (802.11b) cards, for example. WPA's big weakness is not RC4 but the HMAC it uses, a hash called "Michael," which was admittedly weak, but the most the designers were able to implement on the most anemic WiFi cards in service. In fact, to protect against brute force attacks on Michael, WPA shuts itself down for 30 seconds whenever it detects two attack packets. (I argued at the time that this made the protocol subject to stealthy denial of service attacks.) WPA2 uses strong cryptographic primitives throughout. Long term, WPA2 is unquestionably the way to go, but WPA is a huge step over WEP, which was badly broken. WPA is a good solution for networks until all older cards can be replaced or retired. --agr 05:19, 13 Mar 2005 (UTC)
Comments from Tom Carpenter:
WPA2 is an encryption solution that is based on and meets the requirements of 802.11i. More specifically, it is a certification program provided by the Wi-Fi Alliance that verifies the compliance with 802.11i and the interoperability with other WPA2 certified equipment.
WPA2 requires the use of AES and this is far more secure than WPA's continued use of RC4 with TKIP (Temporal Key Integrity Protocol - used for key rotation on a periodic basis); however, WPA's security is still sufficient for most environments today. There is an exception and that is in government implementations. These installations require FIPS compliance and WPA does not meet this, but WPA2 does.
I hope this further clarification helps, Tom Carpenter - SYSEDCO —The preceding unsigned comment was added by 24.33.129.4 (talk • contribs) 15:53, 20 January 2006 (UTC)
WPA vs WPA2 - Still unclear on relative security and TKIP/AES relationship.
Some (most, I think) recently-built base stations include multiple versions of WPA-PSK: they can be configured to support TKIP or AES (or both), as well as having a separate WPA2-PSK option, which also has the same choices. (This is the case with the WRT54GL I'm in front of, with DD-WRT on it, and I recall the latest Apple Airport is similar.) So is WPA with AES different from WPA2? The UIs are confusing; I'm not sure if this article could clarify the situation or not. It would be nice if it did. --Elvey 23:13, 10 October 2007 (UTC)
WPA2 uses AES; it doesn't use TKIP or the Michael algorithm (that is WPA1). —Preceding unsigned comment added by 76.118.191.206 (talk) 18:12, 3 January 2008 (UTC)
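The element ID and OUI differences raised in the merge discussion, and the "WPA with AES" versus WPA2 question in this section, are visible in what an access point advertises: WPA uses a vendor-specific element (ID 221, OUI 00:50:F2, type 1) and 802.11i/WPA2 uses the RSN element (ID 48, OUI 00:0F:AC), each with its own cipher list. The parser below is an added example, not taken from the article or any project; its function names and the sample bytes are constructed, and it assumes every field through the AKM list is present.

```python
WPA_OUI = bytes.fromhex("0050f2")  # OUI of the vendor-specific WPA element (ID 221, type 1)
RSN_OUI = bytes.fromhex("000fac")  # OUI used inside the 802.11i RSN element (ID 48)
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _name(selector, oui, table):
    # A suite selector is 3 bytes of OUI followed by 1 byte of suite type.
    if selector[:3] != oui:
        return "vendor:" + selector.hex()
    return table.get(selector[3], "type-%d" % selector[3])

def _suite_list(body, off, oui, table):
    # Little-endian 16-bit count, then that many 4-byte selectors.
    count = int.from_bytes(body[off:off + 2], "little")
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list runs past end of element")
    return [_name(body[i:i + 4], oui, table) for i in range(off + 2, end, 4)], end

def _describe(label, body, oui):
    if len(body) < 8:
        raise ValueError("truncated %s element" % label)
    pairwise, off = _suite_list(body, 6, oui, CIPHERS)
    akm, _ = _suite_list(body, off, oui, AKMS)
    return {"element": label, "version": int.from_bytes(body[:2], "little"),
            "group": _name(body[2:6], oui, CIPHERS), "pairwise": pairwise, "akm": akm}

def security_elements(ies):
    """Walk ID/length/value elements and decode the WPA and RSN ones."""
    found, off = [], 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        body = ies[off + 2: off + 2 + length]
        if len(body) != length:
            raise ValueError("truncated information element")
        off += 2 + length
        if eid == 48:
            found.append(_describe("RSN", body, RSN_OUI))
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
            found.append(_describe("WPA", body[4:], WPA_OUI))
    return found

# Constructed sample (not a capture): SSID "lab", RSN element, WPA element, WMM element.
SAMPLE = bytes.fromhex(
    "00036c6162" "30180100000fac020200000fac04000fac020100000fac020000"
    "dd160050f20101000050f20201000050f20401000050f202"
    "dd070050f202000100")

if __name__ == "__main__":
    print(*security_elements(SAMPLE), sep="\n")
```

In the sample, the WPA element offers CCMP (AES) as its pairwise cipher while remaining a separate element from RSN, which is why a configuration UI can list "WPA + AES" and "WPA2 + AES" as different choices.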
PSK Passphrase
The article says: "The passphrase may be from eight to 63 ASCII characters or 64 hexadecimal digits (256 bits)."
Some equipment does not allow entering a 64 digit key, but ONLY a 63 character passphrase.
An example : The Asus WL-500G Deluxe WLAN router.
Does Windows XP Professional support it? I set a 64 hex char passphrase on my AP and entered the same key into Windows WPA dialog and got no connection. When I used a shorter passphrase in the same way (same fields in same dialogs), it worked. The AP I used was Canyon CN-WF514.
--213.253.102.145 17:22, 15 November 2005 (UTC)
To be certified as WPA compatible the device MUST accept a 64 character passphrase!!!!!!!!!
Just because some equipment may not implement this has nothing to do with the WiFi Alliance defined standard!
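The two input formats discussed in this section reach the 256-bit key by different routes: a passphrase of 8 to 63 characters is stretched with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations), while 64 hex digits are the key itself. The sketch below is an added example, not code from the article or from any vendor; the function names are hypothetical, and the second function models a hypothetical input field that hashes the 64 digits as text.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)

def wpa_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for what was typed into the key field."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # 64 hex digits: the value is the 256-bit key, no hashing involved.
    if len(secret) == 64:
        if not set(secret) <= HEX_DIGITS:
            raise ValueError("64-character input must be hexadecimal")
        return bytes.fromhex(secret)
    # 8..63 printable ASCII characters: a passphrase, stretched with PBKDF2.
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), ssid_bytes, 4096, 32)

def psk_if_hex_treated_as_passphrase(hex_key: str, ssid: str) -> bytes:
    """Hypothetical non-conforming device: hashes the 64 hex digits as text."""
    return hashlib.pbkdf2_hmac("sha1", hex_key.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

if __name__ == "__main__":
    # Passphrase "password" with SSID "IEEE" is the 802.11i test vector.
    print(wpa_psk("password", "IEEE").hex())
    constructed_key = "ab" * 32  # constructed 64-hex-digit key, for illustration
    print(wpa_psk(constructed_key, "IEEE") ==
          psk_if_hex_treated_as_passphrase(constructed_key, "IEEE"))
```

If the two ends interpret the same 64 characters differently, they hold different keys and the 4-way handshake cannot complete, even though both operators typed identical text.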
How secure is WPA2?
Are there any known practical or theoretical attacks on WPA2? Considering how insecure WEP is this article should definitely have a section dedicated to tracking the current opinion on strength or weakness of WPA2. The current article has some discussion on weak passphrases but it is not clear where WPA2 is destined to stand in the pantheon of encryption protocols. Funkyj 06:46, 12 December 2005 (UTC)
- I think the intro of the article is pretty clear on this. There are no other issues with WPA2 that I am aware of. 802.11i underwent a thorough review by the IEEE. If some exploit is published, I expect the article will be updated the same day.--agr 16:25, 15 December 2005 (UTC)
WPA-PSK
The information about WPA-PSK security in this article does not match what's said in the Wireless security article. 193.217.204.29 14:29, 4 January 2006 (UTC)
The Wireless security is off target .... WPA is fine in PSK mode if used with 64 character hex. It's also fine if you use a 'good' password.
WPA1 has countermeasures to this weakness, this article meant to say WEP... WPA2 is completely immune to this weakness. This article is simply wrong.
Chop out DiceWare
The references to Diceware seem totally out of place in this section. Diceware never appears in the IEEE standards, it is not a well adopted mechanism. The DiceWare 'strength' is used in place of the WiFi Alliance recommended practices and the ability to use 64 char hex. —The preceding unsigned comment was added by 70.132.3.231 (talk • contribs) 05:57, 7 February 2006 (UTC)
Apple
What's all the 'hey look apple support wpa2' promotion doing in this wiki? I don't think it's wise to build up a list with compatible devices.
Patent claims on wi-fi protected setup (wps)?
Is anyone asserting patents on this technology? Are there open-source implementations for linux, freebsd, etc? --NealMcB 18:39, 4 May 2007 (UTC)
Selectively deleting external links..?
I added a link to a free WPA authentication service under 'external links' because people looking for WPA solutions might find that handy. Why would my link be treated as spam where others in the same section are not? Did they donate to wikipedia? Why have external link sections if you are just going to delete them (well, some of them)? —The preceding unsigned comment was added by Wlanmac (talk • contribs) 07:13, 18 May 2007 (UTC)
- The WP:SPAM guideline has a subsection called Inclusion of one spam link is not a reason to include another. If it is your site, I would suggest saying more clearly that it is an open source project, because the word "Services" conspicuously displayed at the top of the page implies a commercial site. Further, the FAQ has only one question. --Jtir 09:32, 18 May 2007 (UTC)
- But, I ask you... when removing a link because of it being "spam" while others just like it appear _right_ above it, how do you decide to remove one and not the others? How is that fair and not a form of favoritism? What do you have against my project? The services are free, but not open-source... so, I wouldn't say it's open source. Besides, links I added to clearly open-source projects have also been recently removed. I just don't understand... it all seems rather arbitrary. I must have raised red flags since I (modestly) added links on a couple pages. I am not trying to spam -- rather give real links to open-source projects and free services that directly correspond to the topic at hand. Is that so wrong? —The preceding unsigned comment was added by Wlanmac (talk • contribs) 09:46, 18 May 2007 (UTC)
- Please stop adding links to your own website. I'm having this exact same conversation with User:Wlanmac on my talk page User_talk:Requestion#selective_censorship. (Requestion 15:34, 18 May 2007 (UTC))
Dates?
Can dates be included throughout the article including when standards were implemented, adopted, etc.?
- Just seconding the need for dates throughout this article - it just doesn't tell a reader what they need to know without the dates that things happened. SmithBlue (talk) 10:04, 24 December 2007 (UTC)
Wii
Since the PS3 is mentioned it is also appropriate to mention the Wii. I connected mine via WPA2 last night and it worked fine. I'm not sure where any documentation on this is located, but it does work.
I also updated it last night, so it is possible it was not a shipping feature, but I do not remember. 75.5.249.156 18:16, 13 October 2007 (UTC)
Please forgive this simple (minded?) question.....
Does the information at this URL ( http://www.grape-info.com/doc/linux/config/aircrack-ng-0.6.html ) have any relevance to this article?