
Birds0
join:2004-10-23

2 edits

1 recommendation

Birds0

Member

WPA and WPA2

The terms "WPA" and "WPA2" come up quite a bit but there really hasn't been a discussion (or FAQ) covering what comprises each one, or how they are different.

Feel free to add or correct this breakdown as needed:

WPA
- Preshared Key (PSK)
- can use 802.1X authentication (EAP via RADIUS)
- TKIP encryption required
also possible but not widely talked about or supported by vendors
- a possibility to use a form of AES-CCMP if the chipset on the network card, client supplicant, and router all support it

WPA2
- Preshared Key (PSK)
- can use 802.1X authentication (EAP via RADIUS)
- TKIP encryption retained for backwards compatibility
- AES-CCMP encryption required

Hardware
WPA and WPA2 can only be implemented if the router and network card support either one, and if the client software for the card (or a third party supplicant) supports either one.

Because hardware supports WPA does not mean it will support WPA2.

WPA2 hardware will support WPA.

General Question
If you find your setup supports WPA using AES-CCMP encryption, and then you add in 802.1X authentication using EAP-TLS, TTLS, or PEAP; have you basically stepped up to WPA2 security?
Tom Mc
join:2004-06-17

Tom Mc

Member

If you have WPA - AES, such as when using the WRT54G and WPC54G, is this the same as WPA2? If not, is it somehow weaker?

Birds0
join:2004-10-23

Birds0

Member

That's probably a good question to ask the vendors of your hardware and software (if they can even answer it).

I know in my case it is not the same implementation of AES-CCMP that is approved for WPA2. What I am running is an early form of AES-CCMP that was released before WPA2 was nailed down. So it is not the final "official" WPA2 version. I know that in my case, with my particular setup, the CCMP block cipher support is not the full block cipher support found in the final "official" version for WPA2.

My hardware won't run WPA2 (I've tried), and isn't WPA2 certified.

These early implementations of AES don't always use CCMP. It wasn't until I upgraded my router to a third party firmware that I even saw this level of CCMP when using AES. Prior to the firmware upgrade AES was using a combination of WEP and TKIP (which I still don't understand).

Is what I am running stronger than TKIP? According to the vendor of what I use, this implementation of AES-CCMP should be a better choice over TKIP in my case.

Is it a level of encryption that I am comfortable with for a home network? Yes.
Test Eng
join:2005-02-02
England

Test Eng

Member

I had a prob with a "wpa" certified device from Belkin.
They told me after I had WPA AES running that the device didn't support AES mode! (and it only said WPA on the box)

Anyway to cut a long story short, I had to upgrade to a Pre-N device which then supported WPA2 and in Belkin's reply...was WPA-PSK (or radius) with AES.

So yes you are quite correct WPA is TKIP (moded WEP).

WPA2 is definitely AES compliant. It is suggested if you can to use AES mode as it is the best to date.

I personally will not trust TKIP, if you read the oodles of info on it on the net you will find out why;)

(I am not going to go in to any further depths here on algorithms as I may unwittingly break encryption export laws.)

crankwalk
wot?
join:2005-01-26
Rockville, MD

1 edit

crankwalk

Member

Hello Test Eng, what Belkin device was it? I am currently running what seems to be WPA-PSK AES. My Belkin router is a F5D7230-4, I didn't even know it did AES. I was using TKIP for a while until coming to this forum and exploring my router setup pages. It had an option to use AES encryption so I enabled it, and reconfigured my laptop and it "seems" to be working fine. I have no clue if it supports CCMP.. probably not, it's just a low-end consumer router... but how could one check?

*edit* o yea and i'm not using any 3rd party supplicant, just XP home wireless configuration on a built-in Broadcom based G card in my lappy..
Test Eng
join:2005-02-02
England

Test Eng

Member

Yes that was the 7230-4 that had it on there, but Belkin denied knowledge of its existence.

I used Microsoft's patch and wireless setup to connect to it.

same for 8230-4 Pre-n, it works better than the manufacturers utility. so i always use it now

crankwalk
wot?
join:2005-01-26
Rockville, MD

4 edits

crankwalk to Birds0

Member

to Birds0
hey Test Eng i'm having a hard time understanding what the issue was with your old F5D7230-4 then... your previous post said you had AES up and running but then Belkin tech support told you AES doesn't exist? Does that mean that even though there is an AES option on that router, it doesn't really do AES although it appears to? Or did your setup just NOT have an AES option at all for WPA encryption type (Just TKIP)? -- maybe you needed a firmware update, I just got this router like last month.. v1444 it says on the bottom

*edit* To Birds: sorry didn't mean to hijack your thread
with Belkin speak...
Test Eng
join:2005-02-02
England

Test Eng

Member

No sorry i confused you

What I meant was that I purchased the 7230-4 and found it had WPA, but actually had an AES setting that appeared to work ok

I queried this with Belkin and they said (I will try to hook out the mail if i have it still) that the 7230-4 did not support AES....

So I was not sure if it actually did or not.

They suggested the Pre-N model that definitely supports AES.

I found out about a week after that belkin bought out an addendum to the 7230-4 encryption modes....a pdf telling you to use the Microsoft "patch" and use the Wireless network wizard to get it working...

So it does actually support it. But belkin appeared to tell me one thing and do another

sorry for the confusing description
Test Eng

Test Eng to crankwalk

Member

to crankwalk
I mean WPA as TKIP only and WPA2 as AES and TKIP by the way

So the confusion came from the box saying it had WPA, as in TKIP, but in the actual security menu it had AES mode too.

Belkin obviously changed something just at the point when i got mine. I expect later versions support WPA and WPA2
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm

Premium Member

said by Test Eng:

I mean WPA as TKIP only and WPA2 as AES and TKIP by the way
Not quite true. AES-CCM is IN WPA, but not TESTED by WiFi.
So the confusion came from the box saying it had WPA, as in TKIP, but in the actual security menu it had AES mode too.
The confusion comes in confusing the 3 aspects of WPA and WPA2 (aka 802.11i)
Belkin obviously changed something just at the point when i got mine. I expect later versions support WPA and WPA2
WPA and WPA2 have 3 security components:

Authentication
Key Establishment
Datagram protection

Although there is a difference in Key Establishment between WPA and WPA2, you really don't care. In WPA2 we have it working faster and supporting pre-cached PSKs.

In datagram protection the choices are: TKIP with Michael (just called TKIP) and AES-128 in CCM mode (called AES or CCMP). Both are in WPA, but only TKIP is 'certified'. There were no changes in TKIP between WPA and WPA2. With CCM we cleaned up some issues that improves pipelining, but is not a change to the algorithm or the security boundaries.

In authentication, the first choice is full 802.1X or Preshared keys (technically, the Key Exchange uses 802.1X KEY frames, so you are always engaging some part of 802.1X but this is quibbling).

In 802.1X there is the choice of EAP method and basically it comes down to 3 open methods: TLS, PEAP, or TTLS. Of course, both PEAP and TTLS have imbedded methods, so there is even another tree branch!

Vendors would do a great service to separate Authentication from datagram protection, as by munging it all together they confuse instead of simplify (as each vendor calls everything by different names!)

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Thanks DSLrgm that cleared things up.

I would say England, that you're a victim of your own doing, chasing technology that has not been 'certified'. You probably will continue to run into these sorts of issues by buying PRE- anything.

As to stating WPA-TKIP is not safe, I have not seen anything to state that and yet you clearly have an 'opinion'. I don't see oodles of anything but I sure smell some baloney

My understanding is that either is feasible at this point in time and that WPA-TKIP will remain feasible for the next 2-3 years, whereas WPA-CCMP has a longer viable lifespan. At the rate you're going through appliances, I doubt it's an issue.
Test Eng
join:2005-02-02
England

Test Eng

Member

I personally have had no probs with the Pre-N stuff...

So I am happy running AES WPA2...

Thanks DSLrgm, you obviously have more insight than me on this issue, thanks for making sure I know what's right now
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm

Premium Member

said by Test Eng:

Thanks DSLrgm, you obviously have more insight than me on this issue, thanks for making sure I know what's right now
Disclaimer:

You will find my name listed as one of the contributors to 802.11i....
Test Eng
join:2005-02-02
England

Test Eng to Anav

Member

to Anav
Anav, my doubts about TKIP are based upon it still, presumably from what I have seen/read personally, using the same base algorithm as WEP, but with the additions DSLrgm (thanks again) had pointed out in reply to me. It's well known that SSL has security issues too for the same reason.

AES on the other hand has had no real bad press to date as far as i know, unless you know better? and from what you say you obviously think you do so tell me more...

(I am not generally in the game of spreading disinformation normally, if someone feels the need to correct my errors then i am happy, if its constructive...to eat my hat and take on board the correct info.)

pmw2
@cox.net

pmw2

Anon

Your doubts about TKIP, simply because it uses the same "base algorithm" as WEP, are unfounded. WEP's weaknesses were never the "base algorithm". Rather the specific implementation. The devil is in the details. These weaknesses have been well and truly addressed in TKIP. WPA-TKIP to this day remains uncracked by any means other than a dictionary attack on a passphrase that the user made too simple. I should also point out that WPA-AES is just as vulnerable to that attack.

Also, WEP's weaknesses have nothing to do with any SSL weaknesses.

N.X.

P.S. AES has no bad press, mostly because it's very rare for anyone to be using it.
Tom Mc
join:2004-06-17

Tom Mc

Member

said by pmw2:

P.S. AES has no bad press, mostly because it's very rare for anyone to be using it.
AES use is not as rare as you may think. Among other uses, it is the default symmetric algorithm in what is commonly considered the world's most secure commercial encryption software: PGP
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm to Birds0

Premium Member

to Birds0
The devil is truly in the details. I teach a crypto class and I believe my students 'get it'.

WEP had multiple failure points:

Key derivation per datagram
CRC instead of cryptographic MIC
No integrity check on datagram headers

Now TKIP addresses only the first point, and it does a great job of it. Michael addresses the other 2 issues, but only in a 32 bit field.

Saying AES is not adequate. You need to know the mode of operation. And if the mode is just an encryption mode, you still have the MIC to work out!

Well in 802.11i, we CREATED a new mode, CCM. There is an RFC describing it, and we got FIPS approval for it.

There are a lot of people out there that talk a tale about TKIP and just do not have the details. NIST's position on TKIP is understandable, RC4 will never be FIPS, and the MIC was created to shoehorn into the available CRC field; even though it was designed by one of the best in the world on such work. But for non-high security environments, TKIP could carry you for at least a year.
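Added example, not part of the thread: the "CRC instead of cryptographic MIC" failure point from the post above, shown next to a keyed check value. The keystream is a SHA-256 counter construction standing in for RC4, the keyed check is truncated HMAC-SHA-256 standing in for a cryptographic MIC (it is not Michael), and all names and sample data are constructed for illustration.

```python
import hashlib, hmac, struct, zlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, n):
    # Stand-in stream cipher (SHA-256 over key||counter), NOT RC4. Any cipher
    # that XORs a keystream onto the data behaves the same way here.
    blocks = (hashlib.sha256(key + struct.pack("<I", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def crc_seal(key, msg):
    # WEP-style: append CRC-32 of the plaintext, then encrypt both.
    icv = struct.pack("<I", zlib.crc32(msg))
    return xor(msg + icv, keystream(key, len(msg) + 4))

def crc_open(key, ct):
    pt = xor(ct, keystream(key, len(ct)))
    msg, icv = pt[:-4], pt[-4:]
    return msg if struct.pack("<I", zlib.crc32(msg)) == icv else None

def mic_seal(key, mic_key, msg):
    # Same layout, but the check value is keyed (truncated HMAC-SHA-256).
    tag = hmac.new(mic_key, msg, hashlib.sha256).digest()[:8]
    return xor(msg + tag, keystream(key, len(msg) + 8))

def mic_open(key, mic_key, ct):
    pt = xor(ct, keystream(key, len(ct)))
    msg, tag = pt[:-8], pt[-8:]
    good = hmac.new(mic_key, msg, hashlib.sha256).digest()[:8]
    return msg if hmac.compare_digest(tag, good) else None

def crc_delta(delta):
    # CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros),
    # so the change to the check value is computable without any key.
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return delta + struct.pack("<I", fix)

# Constructed sample data.
KEY, MIC_KEY = b"constructed-key", b"constructed-mic-key"
ORIGINAL = b"relay=off;level=1"
ALTERED  = b"relay=on ;level=9"
DELTA = xor(ORIGINAL, ALTERED)

def crc_accepts_altered():
    tampered = xor(crc_seal(KEY, ORIGINAL), crc_delta(DELTA))
    return crc_open(KEY, tampered)       # altered text passes the CRC check

def mic_accepts_altered():
    tampered = xor(mic_seal(KEY, MIC_KEY, ORIGINAL), DELTA + bytes(8))
    return mic_open(KEY, MIC_KEY, tampered)  # keyed check rejects: None
```

The CRC variant accepts the altered plaintext because the check value can be adjusted without the key; the keyed variant rejects the same modification.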

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

DSLrgm, when was WPA officially certified? Same for WPA 2?
Hopefully you guys will certify a little quicker before they security expire LOL. Start flying supersonic flts, you're wasting too much time at airports.
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm

Premium Member

said by Anav:

DSLrgm, when was WPA officially certified? Same for WPA 2?
WPA certification started jun '03 and shipping in Dec '03

WPA2 started in Sep '04 and just started shipping.

However, the XP beta code for WPA2 just came out with a 6 month delivery. Some vendors' code will provide that functionality now instead of waiting for M$

Birds0
join:2004-10-23

2 edits

Birds0

Member

Scenario:

Bob brings home his consumer grade WPA certified router wanting to use TKIP.

Because of the combination of client software and the latest router firmware, he notices that he has AES as an option for both the client and AP.

Bob changes to AES and the client software is telling him he is using AES-CCMP.

His router and hardware are not WPA2 certified and do not work with WPA2 products. (Alice made him try)

Question:

1) Is Bob running the same version of AES-CCMP as is approved for WPA2 except for the pipelining cleanup?

2) Is CCMP always CCMP, or does Bob's implementation of the CCMP block cipher depend on what the vendor included with the supplicant, and what was done with the router firmware?

3) Can Bob's WPA implementation of CCMP be crippled by the vendors (since his equipment is not WPA2 approved), and end up being weaker than TKIP without his knowing it?
Test Eng
join:2005-02-02
England

Test Eng to pmw2

Member

to pmw2
That's a fair point, although doesn't the SSL use the same too (it's a different implementation, but have they not both been cracked, is this not relevant)? Or is this another misnomer?

Don't know the mode of the AES in WPA.

The basic principle of this is "Do YOU trust the algorithm?" That's a question only you can answer. We don't trust TKIP for apparent "narrow minded" and paranoid reasons but surely the way to go is with the most secure, but then again this could be compromised...

Why so anti AES? Is this because you haven't got the facility?

We just want to make sure the people who really want to get in, don't.

pmw2
@cox.net

pmw2

Anon

I object to the lumping of WEP and SSL together, as if there's one technique that cracks both of them, or the same weakness that leads to cracking both. SSL has been cracked in short key length implementation, via brute force. Since WEP with 104 bit key length is common, this is the one to attack and it will not yield to brute force attack. I don't see any similarities. I don't see any reason to refer to them together. There are methods to crack WEP and they're wholly inapplicable to SSL.

I agree that the way to go, is the most secure available. I'm not anti-AES. I have it. I use it. I would not characterize an installation's security as inadequate, just for using WPA-TKIP. I would if they were using WEP, though. At the first report of an executed successful attack on WPA-TKIP (other than dictionary), I'll change my tune. For now, WPA-TKIP is secure.

N.X.
pmw2

pmw2 to Tom Mc

Anon

to Tom Mc
Yes, I should have said WPA-AES is somewhat rare. Non-WIFI use of AES is common enough. Still, I wouldn't read anything into the lack of bad press. Just because nobody has yet implemented AES as badly as WEP implemented encryption, does not infer any greater security. The sum total of bad press for WPA-TKIP is in the publication of an idiotic article revealing that choosing a too short passphrase, makes a dictionary attack feasible. The authors forgot to mention that this same weakness applies to WPA-AES.

N.X.
Test Eng
join:2005-02-02
England

Test Eng

Member

You are quite right, the system is only as strong as the weakest link. A poor implementation of either, due to the user either lacking knowledge or not caring, can lead to weakness.

The "similarities" between the implemented versions are NOT the same in principle..and I am sorry if I didn't put my point across properly. What I am trying to say badly is, using an analogy:

It's like Peugeot and Citroën cars, over here, have the same engine blocks in their cars, but they implement each differently, giving different performance and reliability etc, but again (and I don't know whether you have these makes of cars) I know after owning both, that they have similar underlying problems even though they have different engine management etc (like the additional "wrapping" and implementations of WEP and TKIP). (maybe this is not a good analogy?)

Can you not see my point? I would rather not use either after sampling them, I would go for something more (allegedly) robust, personally of course
DSLrgm
Premium Member
join:2002-08-22
Oak Park, MI

DSLrgm to Birds0

Premium Member

to Birds0
said by Birds0:

His router and hardware are not WPA2 certified and do not work with WPA2 products. (Alice made him try)
Fortunately, the AP announces if it is configured for WPA or WPA2 through an information element in the BEACONs and PROBE RESPONSEs.

Thus the STA can easily determine which 'standard' it needs to respond with.

More specifically, for WPA2, the information element is the 802.11i standard stating RSH mode. For WPA, it is the Vendor OID stating WiFi WPA.
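Added example, not part of the thread: a parser for the two announcements described in the post above, the 802.11i RSN information element (element ID 48) and the vendor-specific WPA element (ID 221, OUI 00-50-F2, type 1), which also reports the advertised cipher and authentication suites. The function names and both sample byte strings are constructed for illustration, and the parser assumes the group, pairwise and key-management fields are all present.

```python
import struct

# Suite selector = 3-byte OUI + 1-byte type. 00-0F-AC is the 802.11i (RSN) OUI;
# 00-50-F2 with type 1 marks the Wi-Fi Alliance WPA vendor-specific element.
RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


def _name(selector, oui, table):
    if len(selector) != 4:
        raise ValueError("truncated suite selector")
    if selector[:3] != oui:
        return "vendor-specific"
    return table.get(selector[3], "unknown(%d)" % selector[3])


def _suite_list(body, off, oui, table):
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    names = [_name(body[off + 4 * i: off + 4 * i + 4], oui, table)
             for i in range(count)]
    return names, off + 4 * count


def _parse_body(standard, body, oui):
    (version,) = struct.unpack_from("<H", body, 0)
    group = _name(body[2:6], oui, CIPHERS)
    pairwise, off = _suite_list(body, 6, oui, CIPHERS)
    akm, _ = _suite_list(body, off, oui, AKMS)
    return {"standard": standard, "version": version, "group": group,
            "pairwise": pairwise, "auth": akm}


def security_elements(ies):
    """Walk the tagged elements of a beacon/probe response body and decode
    the WPA (vendor element 221) and WPA2/RSN (element 48) announcements."""
    found, off = [], 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        data = ies[off + 2: off + 2 + length]
        off += 2 + length
        if len(data) < length:
            break  # element runs past the end of the frame
        try:
            if eid == 48:
                found.append(_parse_body("WPA2", data, RSN_OUI))
            elif eid == 221 and data[:4] == WPA_OUI + b"\x01":
                found.append(_parse_body("WPA", data[4:], WPA_OUI))
        except (struct.error, ValueError):
            found.append({"standard": "malformed", "element_id": eid})
    return found


# Constructed sample elements (not captured traffic).
# "Bob's" AP: WPA element only, group TKIP, pairwise CCMP+TKIP, PSK.
BOB_AP = bytes.fromhex("0003626f62" "dd1a0050f2010100" "0050f202"
                       "02000050f2040050f202" "01000050f202")
# A WPA2 AP: RSN element, group CCMP, pairwise CCMP, PSK, capabilities 0.
WPA2_AP = bytes.fromhex("0003617032" "30140100" "000fac04"
                        "0100000fac04" "0100000fac02" "0000")
```

For the constructed "Bob" sample this reports a WPA element offering CCMP as a pairwise cipher while the group cipher stays TKIP, which matches the scenario of AES appearing on WPA-only hardware.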
DSLrgm

DSLrgm to pmw2

Premium Member

to pmw2
said by pmw2:

I object to the lumping of WEP and SSL together, as if there's one technique that cracks both of them, or the same weakness that leads to cracking both. SSL has been cracked in short key length implementation, via brute force.
For some 'odd' reason SSL HASHES the RC4 key before feeding it into the key scheduler. I know the person who did this (just spoke with him last week, he is now CTO for PGP). Seems he bothered to talk to Ron Rivest during the implementation stage....
DSLrgm

DSLrgm to pmw2

Premium Member

to pmw2
said by pmw2:

Yes, I should have said WPA-AES is somewhat rare. Non-WIFI use of AES is common enough. Still, I wouldn't read anything into the lack of bad press. Just because nobody has yet implemented AES as badly as WEP implemented encryption, does not infer any greater security.
At this stage of Cryptanalysis, the ONLY way to implement AES wrong (and still interoperate with other products) is in your mode of operation. Specially with CBC mode (that is used in IPsec, but not in 802.11i). The CCM mode is really hard to get wrong. You can ONLY get it wrong if you ever use the same key and counter for two separate datagrams, and the size of the counter, and the keying methodology puts this way up there in the realm of not going to be seen.
The sum total of bad press for WPA-TKIP is in the publication of an idiotic article revealing that choosing a too short passphrase, makes a dictionary attack feasible. The authors forgot to mention that this same weakness applies to WPA-AES.
Excuse me. Every article that I have seen that quotes MY paper on the dictionary attack against PSK (NOT AGAINST TKIP) clearly states it is an attack against PSK mode that does not apply to 802.1X mode. Perhaps there is some writer that copied an article that copied an article that did not go back and read my original paper. Also you can find an implementation of this attack at tinypeap.com.