WPA in action - AP "SOHO"

Once you manage to score WPA upgrades for your client and AP or wireless router, you'll need to follow the manufacturer's instructions and install them. So far the APs that I've tested were upgraded via their normal firmware update process. Client adapters have not required firmware upgrades and became WPA-capable by just upgrading their drivers using the normal Windows driver upgrade process.

Figure 2 shows the Security screen of a Belkin F5D7130 54G access point that's received its WPA upgrade and has been set to the WPA-PSK (Pre-Shared Key) mode.

Figure 2: WPA - PSK Authentication

The screenshot shows that setup is pretty easy for WPA-PSK. All you need to do is turn it on, enter an alpha-numeric password between 8 and 63 characters long. The password can even include symbols and spaces!

So what's with the Encryption Technique selector? It seems that Broadcom's implementation for its "54g"-based products includes the optional selection of AES encryption, in addition to the requisite TKIP.

Since AES requires significantly more number-crunching power than WEP, it was not included in the WPA spec for fear that the throughput loss for "legacy" devices would be too great. But since Broadcom has included AES hardware acceleration in its 54g AirForce chipset, it looks like they chose to offer it as an option. (You'll see why later...)

The story on AES support for other chipset manufacturers is:

Atheros' 11g and a/b/g chipsets also include AES hardware processing and will also offer AES as a WPA encryption option.

Although Intersil also has AES hardware in its GT and Duette chipsets, the 11g reference designs they supplied to me for testing didn't offer AES as a WPA encryption option.

Finally, TI didn't respond to my query, so I can't say whether its 11g chipset - which includes AES hardware processing - will be offering the AES option.

That's all there is to the AP end for WPA-PSK. Next I'll cover the slightly more complicated "Enterprise" AP setup.