Wireless How To

The Different Flavors of WPA

That's enough background. Let's start talking about WPA. WPA stands for Wi-Fi Protected Access. The original version—WPA—was created by a group organized by the Wi-Fi Alliance. WPA was a stop-gap measure, intended to restore confidence in 802.11 wireless technology that was lost when it was shown that its original security technology—WEP—could be easily compromised.

WPA is based on a subset of IEEE 802.11i, which was slowly crawling toward completion.

WPA2 is an enhanced version of WPA, based on the final, ratified version of IEEE 802.11i. The key difference between WPA and WPA2 is that WPA uses TKIP encryption while WPA2 uses the stronger AES.

Both WPA and WPA2 come in two versions: "Personal" and "Enterprise". The Personal versions are typically referred to as WPA-PSK and WPA2-PSK, with "PSK" meaning "Pre-Shared Key", which is a fancy term for password. The Enterprise versions are commonly referred to as WPA-RADIUS and WPA2-RADIUS because they require a RADIUS server employing one of five different EAP standards. If you want the long story behind why five EAP standards, George Ou's article is suggested reading.

| Version | Encryption | Authentication | Pros | Cons |
|---|---|---|---|---|
| WPA-Personal | TKIP | PSK | Easy to set up; Wide h/w support | Weaker encryption; Weak passwords are susceptible to dictionary-type attacks |
| WPA-Enterprise | TKIP | RADIUS+EAP | Robust authentication | Weaker encryption; Requires RADIUS server; Difficult to set up |
| WPA2-Personal | AES | PSK | Easy to set up; Strong encryption | Weak passwords are susceptible to dictionary-type attacks; Might not be supported on older h/w |
| WPA2-Enterprise | AES | RADIUS+EAP | Robust authentication; Strong encryption | Might not be supported on older h/w; Requires RADIUS server; Difficult to set up |
Table 1: Summary of WPA / WPA2 Key Features

Table 1 summarizes the key features and attributes of the four versions. The short story is that you should be using WPA2 if your hardware supports it and WPA2 Enterprise for the most security.

Tip: Our testing of Draft 802.11n products shows significant throughput reduction when using WEP or WPA wireless security. You'll need to use WPA2 (either Personal or Enterprise) in order to minimize throughput loss—which can still run up to around 20% with some products.

The good news is that, with a few exceptions, all current-generation "Wi-Fi" products support at least WPA2 Personal. The bad news is that there are many wireless LAN products out there that can't be upgraded to support WPA2. Sometimes this is because their vendors have not produced the required driver and firmware updates. But there are also older products such as Wi-Fi VoIP phones and media players whose chipsets can't handle the higher number-crunching requirements of AES.

If you find yourself in this situation, your only option is to contact the problem product's vendor and ask whether a WPA2 update is available. If there isn't, see if there is a WPA upgrade. Newer Wi-Fi access points and routers will allow you to run a mix of WPA and WPA2 clients. (They won't allow you to mix WEP and either WPA or WPA2.) If neither WPA nor WPA2 is available, you'll need to replace the product with one that supports WPA2.
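One way to check an access point's settings against Table 1, as an added example that is not part of the original article. It assumes the access point is configured through hostapd and reads its `wpa`, `wpa_key_mgmt`, `wpa_pairwise`, `rsn_pairwise`, `wpa_passphrase`, `auth_server_addr` and `eap_server` keys; the sample config and the 20-character passphrase floor are constructed for illustration.

```python
# Added example: audit a hostapd-style config against Table 1 (not from the article).
SAMPLE_CONF = """\
# constructed sample: mixed WPA/WPA2 Personal with a short passphrase
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wpa_passphrase=sunshine1
"""

MIN_PASSPHRASE_LEN = 20  # assumed policy floor; WPA itself accepts 8-63 characters


def parse_conf(text):
    """Return key=value settings, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return (Table 1 version label, findings) for one access point config."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        return "none", ["neither WPA nor WPA2 is enabled"]
    enterprise = "WPA-EAP" in conf.get("wpa_key_mgmt", "WPA-PSK").split()
    versions = [name for bit, name in ((1, "WPA"), (2, "WPA2")) if wpa & bit]
    label = "/".join(versions) + ("-Enterprise" if enterprise else "-Personal")

    findings = []
    if wpa & 1:
        findings.append("WPA enabled: TKIP clients accepted (weaker encryption)")
    # hostapd falls back to wpa_pairwise (default TKIP) when rsn_pairwise is unset
    rsn = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    if wpa & 2 and "TKIP" in rsn:
        findings.append("WPA2 pairwise ciphers include TKIP; allow only CCMP (AES)")
    if enterprise and "auth_server_addr" not in conf and conf.get("eap_server") != "1":
        findings.append("WPA-EAP selected but no RADIUS/EAP server is configured")
    phrase = conf.get("wpa_passphrase")
    if not enterprise and phrase is not None and len(phrase) < MIN_PASSPHRASE_LEN:
        findings.append(f"passphrase is {len(phrase)} characters; weak PSKs are "
                        "susceptible to dictionary-type attacks")
    return label, findings
```

Calling `audit(SAMPLE_CONF)` labels the sample as mixed WPA/WPA2-Personal and reports the WPA fallback and the short passphrase.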

Conclusion

I have laid out the basic concepts behind why your wireless network needs strong encryption and authentication and provided some background on how the authentication and encryption process works. In Part 2, I'll show you how to tie all of this together and set up FreeRADIUS (which really is Free, except for the computer you need to run it on) to implement WPA2-Enterprise and add industrial-strength security to your wireless network.
