WPA stands for Wi-Fi Protected Access. It performs the same duty as WEP encryption for a wireless network, with the addition that there are no known attacks which can render the encryption useless. One of the most popular WPA encryption methods is EAP, or Extensible Authentication Protocol. Common encryptions in this protocol are:
- EAP-TLS
This uses TLS certificates to encrypt all the data. It was also the only one previously certified by the Wi-Fi Alliance.
- EAP-TTLS/MSCHAPv2
TTLS stands for Tunneled Transport Layer Security. It is not an official standard yet. This mechanism uses PKI certificates on the server's end to authenticate and uses MS-CHAP to encrypt.
- PEAPv0/EAP-MSCHAPv2
This is the second most common form of encryption. PEAP, or "peep", stands for Protected Extensible Authentication Protocol. It uses basic SSL certificates to create an SSL tunnel through which authentication data can be negotiated. MS-CHAP encrypted data then goes through this tunnel.
- PEAPv1/EAP-GTC
- EAP-SIM
EAP-SIM works in much the same way that a GSM cell phone authenticates to a phone network, using a SIM smart card to encrypt the data.
In addition to the above methods, there is another method called Pre-Shared Key (PSK) mode. In this mode, the user enters a passphrase into both the client and the access point. A hashing function, which also takes the SSID as input, then reduces the key from 504 bits (63 characters * 8 bits/character) to 256 bits. PSK mode is by far the easiest method to implement. Almost all modern wireless hardware supports it. The others aren't for everyone, unless you A) want to be cool, or B) are paranoid. Corporate environments are excluded.
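The passphrase-to-key reduction described above, as an added example that is not part of the original page. The page does not name the hashing function; in WPA/WPA2 PSK mode, IEEE 802.11i defines it as PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations. The function names and sample network names here are assumptions chosen for illustration.

```python
import hashlib
import string

PMK_LEN = 32        # 256-bit key, the output size the text mentions
ITERATIONS = 4096   # fixed by IEEE 802.11i for the passphrase-to-PSK mapping


def derive_psk(passphrase: str, ssid: bytes) -> bytes:
    """Map a WPA passphrase and SSID to the 256-bit pre-shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID acts as the salt, so one passphrase gives a different key
    # on every differently named network.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, ITERATIONS, PMK_LEN
    )


def psk_from_input(secret: str, ssid: bytes) -> bytes:
    """Accept either a passphrase or a raw key typed as 64 hex digits."""
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)  # already 256 bits, used without hashing
    return derive_psk(secret, ssid)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for ssid in (b"HomeNet", b"homenet"):
        print(ssid.decode(), derive_psk("correct horse battery", ssid).hex())
```

Because the SSID is the only salt, two networks sharing a name and a passphrase end up with the same key, which is one reason to avoid default SSIDs together with short passphrases.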