Section A.11. WPA & 802.11i
The IEEE began work in 2001 on 802.11i, an amendment to the original 802.11 specifications. It was widely acknowledged that the original security standard of 802.11b, known as WEP (Wired Equivalent Privacy), was inadequate and contained many security holes.
The original version of WPA was devised by the Wi-Fi Alliance in 2002 and was based on a draft version of the IEEE 802.11i protocol. WPA defined a subset of the draft 802.11i and was designed to be implemented on existing Wi-Fi hardware. WPA is an intermediate solution to improve the hopeless security quagmire of WEP while waiting for the full 802.11i standard to be ratified. WPA uses the Temporal Key Integrity Protocol (TKIP) to generate per-packet encryption keys, supports either external or preshared key authentication, and implements new key handshakes.
The IEEE working group approved the full 802.11i specifications in June 2004. The Wi-Fi Alliance has based its new WPA2 standard on the completed 802.11i. WPA2 supports the more robust AES encryption algorithm to replace TKIP. In addition, 802.11i mandates the use of 802.1X authentication. At the time of this writing, access points, wireless cards, and drivers that support WPA2 are just becoming available.
A.11.1. Pros
- WPA and WPA2 provide much improved forms of encryption and authentication.
- WPA is widely supported across Windows, Macintosh, Linux and BSD platforms.
A.11.2. Cons
- WPA2 requires AES encryption, which is very computationally intensive. Many older models of 802.11a/b/g cards and access points are not capable of supporting AES encryption.
A.11.3. Recommendation
If your cards and access points support WPA or WPA2, there is absolutely no reason not to go ahead and use it. You will have a robust form of encryption which is difficult, if not impossible, to hack. You'll also be able to leave behind WEP and its various security holes. The only reason to skip WPA2 is financial: if your cards and APs don't support AES encryption, you'll need to upgrade to get the full benefits of WPA2.