What Is The Size Of The Secret Key Used In Wep Encryption? (Choose Two)

WPA Key, WPA2, WPA3, and WEP Key: Wi-Fi Security Explained

Setting up new Wi-Fi? Picking the type of password you need can seem like an capricious choice. After all, WEP, WPA, WPA2, and WPA3 all take generally the same letters in them.

A countersign is a countersign, so what's the difference? Almost 60 seconds to billions of years, as it turns out.

All Wi-Fi encryption is not created equal. Let'due south explore what makes these four acronyms then unlike, and how y'all can best protect your home and system Wi-Fi.

Wired Equivalent Privacy (WEP)

In the beginning, there was WEP.

Wired Equivalent Privacy is a deprecated security algorithm from 1997 that was intended to provide equivalent security to a wired connection. "Deprecated" means, "Allow's not practise that anymore."

Fifty-fifty when it was first introduced, information technology was known not to be equally strong as it could have been, for 2 reasons:

its underlying encryption mechanism, and
Earth War II.

During Earth War II, the impact of lawmaking breaking (or cryptanalysis) was huge. Governments reacted by attempting to keep their best hush-hush-sauce recipes at home.

Around the fourth dimension of WEP, U.S. Government restrictions on the export of cryptographic technology caused access point manufacturers to limit their devices to 64-bit encryption. Though this was later lifted to 128-fleck, even this form of encryption offered a very express possible fundamental size.

This proved problematic for WEP. The small primal size resulted in being easier to animal-force, especially when that key doesn't oftentimes change.

WEP's underlying encryption mechanism is the RC4 stream naught. This nada gained popularity due to its speed and simplicity, merely that came at a cost.

Information technology's not the nearly robust algorithm. WEP employs a unmarried shared key amongst its users that must be manually entered on an access betoken device. (When's the last time you changed your Wi-Fi password? Correct.)

WEP didn't help matters either by simply concatenating the key with the initialization vector – which is to say, it sort of mashed its secret-sauce bits together and hoped for the best.

Initialization Vector (IV): fixed-size input to a depression-level cryptographic algorithm, usually random.

Combined with the use of RC4, this left WEP particularly susceptible to related-central set on. In the case of 128-fleck WEP, your Wi-Fi password can be cracked by publicly-available tools in a matter of around sixty seconds to three minutes.

While some devices came to offer 152-bit or 256-bit WEP variants, this failed to solve the fundamental bug of WEP's underlying encryption machinery.

So, yeah. Let's non do that anymore.

Wi-Fi Protected Access (WPA)

A new, interim standard sought to temporarily "patch" the trouble of WEP's (lack of) security. The name Wi-Fi Protected Access (WPA) certainly sounds more secure, and so that's a good start. Notwithstanding, WPA commencement started out with another, more than descriptive name.

Ratified in a 2004 IEEE standard, Temporal Fundamental Integrity Protocol (TKIP) uses a dynamically-generated, per-packet central. Each packet sent has a unique temporal 128-bit primal, (See? Descriptive!) that solves the susceptibility to related-key attacks brought on by WEP'southward shared fundamental mashing.

TKIP besides implements other measures, such every bit a bulletin authentication lawmaking (MAC). Sometimes known every bit a checksum, a MAC provides a cryptographic way to verify that messages haven't been changed.

In TKIP, an invalid MAC tin also trigger rekeying of the session key. If the access point receives an invalid MAC twice inside a minute, the attempted intrusion tin can be countered by changing the key an aggressor is trying to crack.

Unfortunately, in social club to preserve compatibility with the existing hardware that WPA was meant to "patch," TKIP retained the apply of the same underlying encryption mechanism as WEP – the RC4 stream nil.

While it certainly improved on the weaknesses of WEP, TKIP eventually proved vulnerable to new attacks that extended previous attacks on WEP.

These attacks accept a little longer to execute by comparison: for instance, twelve minutes in the case of one, and 52 hours in another. This is more than sufficient, notwithstanding, to deem TKIP no longer secure.

WPA, or TKIP, has since been deprecated equally well. Then let'southward also not do that anymore.

Which brings usa to…

Wi-Fi Protected Admission II (WPA2)

Rather than spend the try to come up with an entirely new name, the improved Wi-Fi Protected Admission Two (WPA2) standard instead focuses on using a new underlying cipher.

Instead of the RC4 stream zippo, WPA2 employs a block aught called Avant-garde Encryption Standard (AES) to course the basis of its encryption protocol.

The protocol itself, abbreviated CCMP, draws virtually of its security from the length of its rather long name (I'chiliad kidding): Counter Style Nada Block Chaining Message Authentication Lawmaking Protocol, which shortens to Counter Mode CBC-MAC Protocol, or CCM mode Protocol, or CCMP. ?

CCM mode is essentially a combination of a few good ideas. It provides data confidentiality through CTR manner, or counter mode. To vastly oversimplify, this adds complexity to plaintext data by encrypting the successive values of a count sequence that does not echo.

CCM likewise integrates CBC-MAC, a block cipher method for constructing a MAC.

AES itself is on expert ground. The AES specification was established in 2001 by the U.S. National Establish of Standards and Technology (NIST). They made their choice after a 5-year competitive selection process during which fifteen proposals for algorithm designs were evaluated.

As a result of this procedure, a family of ciphers called Rijndael (Dutch) was selected, and a subset of these became AES.

For the better role of 2 decades, AES has been used to protect every-solar day Internet traffic as well as certain levels of classified information in the U.S. Government.

While possible attacks on AES have been described, none have yet been proven to exist applied in real-earth utilise. The fastest attack on AES in public cognition is a key-recovery assail that improved on brute-forcing AES by a factor of about four. How long would it have? Some billions of years.

Wi-Fi Protected Access III (WPA3)

The next installment of the WPA trilogy has been required for new devices since July 1, 2020. Expected to further heighten the security of WPA2, the WPA3 standard seeks to improve password security by existence more than resilient to give-and-take listing or dictionary attacks.

Different its predecessors, WPA3 will also offering forrad secrecy. This adds the considerable benefit of protecting previously exchanged information even if a long-term secret key is compromised.

Forwards secrecy is already provided by protocols like TLS by using asymmetric keys to establish shared keys. You tin learn more nearly TLS in this postal service.

As WPA2 has not been deprecated, then both WPA2 and WPA3 remain your peak choices for Wi-Fi security.

If the other ones are no good, why are they still around?

You may be wondering why your access point even allows you to choose an option other than WPA2 or WPA3. The likely reason is that you're using legacy hardware, which is what tech people telephone call your mom'south router.

Since the deprecation of WEP and WPA occurred rather recently, it's possible in large organizations besides as your parent's business firm to find older hardware that still uses these protocols. Even newer hardware may have a business organization need to back up these older protocols.

While I may be able to convince you lot to invest in a shiny new top-of-the-line Wi-Fi apparatus, most organizations are a different story. Unfortunately, many simply aren't however cognizant of the important part cybersecurity plays in coming together customer needs and boosting that bottom line.

Additionally, switching to newer protocols may require new internal hardware or firmware upgrades. Especially on complex systems in large organizations, upgrading devices can be financially or strategically difficult.

Boost your Wi-Fi security

If it's an option, choose WPA2 or WPA3. Cybersecurity is a field that evolves past the 24-hour interval, and getting stuck in the by tin can accept dire consequences.

If you can't use WPA2 or WPA3, do the best you tin can to take boosted security measures.

The all-time blindside for your buck is to employ a Virtual Private Network (VPN). Using a VPN is a good idea no matter which type of Wi-Fi encryption you have. On open Wi-Fi (coffee shops) and using WEP, information technology's plain irresponsible to go without a VPN.

It's kind of like shouting out your bank details as you lot order your 2d cappuccino.

A cartoon of shouting out your bank details at a coffeeshop.

Choose a VPN provider that offers a feature similar a kill switch that blocks your network traffic if your VPN becomes disconnected. This prevents yous from accidentally transmitting information on an insecure connection like open Wi-Fi or WEP. I wrote more about my top three considerations for choosing my VPN in this post.

When possible, ensure you but connect to known networks that you or your organization control.

Many cybersecurity attacks are executed when victims connect to an fake public Wi-Fi admission betoken, also chosen an evil twin set on, or Wi-Fi phishing.

These faux hotspots are easily created using publicly attainable programs and tools. A VPN can help mitigate damage from these attacks as well, but information technology's always ameliorate not to take the risk.

If you lot travel frequently, consider purchasing a portable hotspot that uses a cellular data plan, or using data SIM cards for all your devices.

Much more than than just acronyms

WEP, WPA, WPA2, and WPA3 mean a lot more than than a bunch of similar messages – in some cases, it's a deviation of billions of years minus nearly 60 seconds.

On more of a at present-ish timescale, I promise I've taught you something new near the security of your Wi-Fi and how you can improve it!

If you enjoyed this post, I'd dear to know. Join the thousands of people who larn forth with me on victoria.dev! Visit or subscribe via RSS for more programming, cybersecurity, and cartoon dad jokes.

Learn to code for free. freeCodeCamp's open source curriculum has helped more than than xl,000 people get jobs as developers. Become started