What is the difference between WEP and WPA?
What is the difference between WEP and WPA?
To protect data sent via wireless, all access points come equipped with one of three standard encryption schemes: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2). Using one protocol rather than the other can make the difference between securing a network and leaving it exposed to snoopers and hackers.
Wired Equivalent Privacy (WEP)
WEP is the oldest and most widely used security protocol worldwide, since it has been the standard for the first generation of wireless networking devices. Originally introduced in September 1999 as the first encryption algorithm for the IEEE 802.11 standard, it was designed to provide a level of security on the same scale as a wired LAN. WEP secured data by encrypting it over radio waves using a standard 40-bit RC4 stream cipher for authentication and encryption. In the beginning, in fact, the U.S. government imposed restrictions on the export of various cryptographic technology, forcing many manufacturers to use this level of encryption. When those restrictions were later lifted, a 104-bit key was made available, and later on, even a 256-bit one.
Despite the many upgrades to the protocol, WEP has always been a very weak form of data protection. Since the encryption keys are static, once packets are intercepted it is relatively simple to deduce what the key is and crack it. Although continuous changes of the WEP key somewhat mitigate this risk, the operation is quite complicated and inconvenient. In addition, with the computing powers of modern processors, the key can still be compromised within a few seconds.
Today, WEP is an outdated technology that does not provide reliable security. Many flaws were identified as early as 2001, with several exploits floating around. In 2005 the FBI publicly demonstrated how easily WEP could be cracked in minutes using free tools. In 2009, a large-scale cyberattack was executed against T.J. Maxx and, since then, the Payment Card Industry Data Security Standard prohibited any organization that processes credit card data from using WEP.
Wi-Fi Protected Access (WPA)
To address the many vulnerabilities of the WEP standard, the WPA was developed and formally adopted in 2003. WPA improved wireless security through the use of 256-bit keys, the Temporal Key Integrity Protocol (TKIP) and the Extensible Authentication Protocol (EAP).
The TKIP is built on a per-packet key system rather than a fixed key one. It scrambles the keys through a hashing algorithm and their integrity is constantly checked. The EAP adds 802.1x user authentication and removes the need to regulate access to a wireless network through the MAC address, an identifier which is quite easy to sniff and steal. EAP makes use of a more robust public-key encryption system to provide authorization to the network. Smaller offices and consumers use a less stringent WPA-PSK (Pre-Shared Key) personal mode which employs pre-shared keys.
Since WPA was built as an upgrade of the WEP that could be rolled out onto existing WEP-protected devices, it has inherited many of its weaknesses. Although it is a much more solid form of protection than WEP, WPA can still be breached in many ways, mostly by attacking the Wi-Fi Protected Setup (WPS). Today, WPA's even more secure successor is the WPA2 protocol.
Have a question? Ask us here.
Written by Claudio Buttice
Dr. Claudio Butticè, Pharm.D., is a former clinical and hospital pharmacist who worked for several large public hospitals in Southern Italy, as well as for the humanitarian NGO Emergency.
He is an accomplished medicine and technology writer who wrote as an author in several encyclopedias, including The SAGE Encyclopedia of Cancer and Society (2015), The SAGE Encyclopedia of World Poverty (2015), and ABC-CLIO Encyclopedia of Science and Technology (in press). He’s also the author of research papers as well as other sociology and anthropology reference textbooks.
An expert freelance journalist, Dr. Butticè wrote for many online newspapers such as The Ring Of Fire, Digital Journal and Business Insider. During his career he also worked as a medical consultant and advisor for many international companies around the world, wrote and designed Continuing Medical Education (CME) courses and taught content writing techniques through webinars.Full Bio