Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Basics

Better than WEP

Article after article, wardrive after wardrive has documented the fact that most wireless networkers don't enable WEP. In my opinion, this isn't because of WEP's infamous encryption weaknesses, but more due to the fact that there isn't a consistent WEP administration method among WLAN products, including those that carry the Wi-Fi CERTIFIED mark. Some products require Hexadecimal codes, other accept alphanumeric "passphrases"... aaaah, don't get me started! And forget about managing the process of changing WEP keys, even in a home-sized network, let along a corporate one!! Add in the fact that some wireless products suffer a WEP-enabled throughput reduction of up to 50%, and you can see why WEP has such a bad reputation.

To address this part of the WLAN security problem, WPA chose Temporal Key Integrity Protocol (TKIP). TKIP takes a master key (I'll talk about where that comes from shortly) as a starting point then derives its encryption keys mathematically from the master key. TKIP then regularly changes the encryption keys so that the same encryption key is never used twice. This all happens in the background automatically, which is as it should be!

Although it'll still be standard ol' 64 and 128 bit WEP doing the actual encryption, TKIP goes a long way toward making WEP more effective as an encryption mechanism. It remains to be seen, however, whether TKIP will cause a throughput reduction. One of the sources I consulted for this article said that this was one of the issues that had made the 802.11i committee reluctant to release TKIP, and remains a significant obstacle for the real encryption fix, AES.

I've asked a number of vendors whether TKIP will cause a throughput hit, but no one has yet responded. My guess is that the answer will depend on the hardware you have, and more specifically the chipset it uses. If you presently see a throughput reduction when you enable WEP, you'll probably see an additional hit when you upgrade to WPA and TKIP starts doing its thing. Products using older Intersil PRISM or PRISM II, or Lucent / Agere Systems chipsets would be the most likely candidates for an additional throughput trim. What happens to WLAN equipment using newer chipsets (Intersil PRISM 2.5 and above, TI ACX-100, Atheros AR5001X) that presently handle WEP without flinching is anyone's guess.

But hardening WEP is only part of the WPA story. The other half is the authentication mechanism.

More Basics

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi guys,First time posting in the forums (but long time obsessing over its contents ).I'm one of the hundreds of people with an AC68U. I've just signe...
The Spectre flaw is here to stay apparently https://arxiv.org/abs/1902.05178
I was wondering if I can downgrade a guest network to Legacy while keeping N for main wifi.Why would I be interested in such a setup: I got LIFX bulbs...
Is there a way to set up a VPN client connection at the command line. I'd like to be able to read an ovpn file and write the configuration using a scr...
I come back to WOWLAN once in awhile hoping I can get it working. It works perfectly, perhaps too well since it keeps unintentionally waking up from t...

Don't Miss These

  • 1
  • 2
  • 3