WPA stands for Wi-Fi Protected Access. It performs the same duty as WEP encryption for a wireless network, with the addition that there are no known attacks which can render the encryption useless. One of the most popular WPA encryption methods is EAP, or Extensible Authentication Protocol. Common methods in this protocol are:

  • EAP-TLS

    This uses TLS certificates to encrypt all the data. It is also the only one previously certified by the Wi-Fi Alliance.

  • EAP-TTLS/MSCHAPv2

    TTLS stands for Tunneled Transport Layer Security. It is not an official standard yet. This mechanism uses PKI certificates on the server's end to authenticate and uses MS-CHAP to encrypt.

  • PEAPv0/EAP-MSCHAPv2

    This is the second most common form of encryption. PEAP, or "peep", stands for Protected Extensible Authentication Protocol. This uses basic SSL certificates to create an SSL tunnel through which authentication data can be negotiated. MS-CHAP encrypted data then goes through this tunnel.

  • PEAPv1/EAP-GTC

  • EAP-SIM

    EAP-SIM works in much the same way that a GSM cell phone authenticates to a phone network, using a SIM smart card to encrypt the data.

In addition to the above methods, there is another method called Pre-Shared Key (PSK) mode. In this mode, the user enters a passphrase into both the client and the access point. A hashing function, which also takes the SSID as input, then reduces the key from 504 bits (63 characters * 8 bits/character) to 256 bits. PSK mode is by far the easiest method to implement. Almost all modern wireless hardware supports it. The others aren't for everyone, unless you A) want to be cool, or B) are paranoid. Corporate environments are excluded.
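
The reduction described above, as an added example that is not part of the original writeup: IEEE 802.11i defines the hashing function as PBKDF2 with HMAC-SHA1, 4096 iterations, and the SSID as salt. The function names and the sample passphrase and SSIDs are constructed for illustration; the "password"/"IEEE" pair is a test vector from the standard.

```python
import hashlib

ITERATIONS = 4096   # iteration count fixed by IEEE 802.11i
PSK_BYTES = 32      # 256-bit pre-shared key


def derive_psk(passphrase, ssid):
    """Map a WPA passphrase and SSID to the 256-bit PSK."""
    pw = passphrase.encode("ascii")      # non-ASCII input raises ValueError
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt, so one passphrase gives a different key per network.
    return hashlib.pbkdf2_hmac("sha1", pw, salt, ITERATIONS, PSK_BYTES)


def reduction(passphrase, ssid):
    """Return (input bits, output bits) for the passphrase-to-key mapping."""
    return 8 * len(passphrase), 8 * len(derive_psk(passphrase, ssid))


if __name__ == "__main__":
    # Test vector from the IEEE 802.11i passphrase-mapping annex.
    print(derive_psk("password", "IEEE").hex())

    # Constructed sample values: a 63-character passphrase and two SSIDs.
    long_pw = "correct horse battery staple " * 2 + "12345"
    print(reduction(long_pw, "home-net"))            # 504 bits in, 256 bits out
    print(derive_psk(long_pw, "home-net").hex())
    print(derive_psk(long_pw, "office-net").hex())   # same passphrase, new key
```

Because the mapping is deterministic and the SSID is public, the strength of the resulting key rests entirely on the passphrase.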
