WPA

Wi-Fi Protected Access

WPA, or Wi-Fi Protected Access, is the successor to WEP [WEP](Wired Equivalent Privacy). Since WEP was developed in 1999, long before wireless internet went mainstream, there has been some need for the update that is WPA.

WPA, quite simply, is designed to secure wireless computer networks. Since WEP was constructed so long ago (before Y2K for heaven's sakes), it never really took Wi-Fi or its protection very seriously. It was hard for the engineers who designed WEP – or the United States Government that approved it – to fully appreciate the future importance of wireless internet, or the way whole cities have embraced its use. Heck, no one can see into the future (prove me wrong, Ms. Cleo, prove me wrong).

Advertiser Links for WPA

**Caption: WPA is simply tougher to break

Unlike WEP, WPA was created by those who know wireless internet inside and out. The system was developed by the Wi-Fi Alliance the industry trade group originally responsible for the growth of wireless internet (they also own the trademark to the name).

Here are some of the advantages to WPA over WEP:

Harder to crack.

  • The Wi-Fi Alliance constructed WPA so that data might be encrypted using the RC4 stream cipher. For those of you who don't follow, that means that a 256 bit key is used. In case you missed it, WEP utilizes just a 40 to 128 bit key, as set by the U.S. Government in 1999. Thus, WPA is much more difficult to crack than the shorter WEP.

Designed with you in mind (so long as "you" aren't a major corporation)

  • When it was first put together before the year 2000, WEP was developed with the only entities that could actually use Wi-Fi. These were major corporations and business offices, and not the average Joe. However, WPA was designed for the small business and home unit, making the best defense available without using a costly authentication server (which is what big businesses must now use to protect themselves).

Password format choice.

  • WEP was breakable because users were forced to use a complicated, confusing, and generally irritating hexadecimal format for passwords. Although it was meant to create keys harder to crack, the baffling nature of the format led to many users incorporating very predictable codes that were difficult for them to remember but easy for hackers to break.
  • Although WPA offers users the ability to use hexadecimal if they so choose, ASCII is also available. Those are your standard alphabetic letters, and a password as simple as 8 characters or as complicated as 63 can be used.

A few problems have not been resolved between WEP and WPA, however. Users should be aware that there are still significant issues left out or simply not resolved in the transition.

Still not a default.

  • Like WEP, a user is not prompted by default to establish a WPA password. That's still up to them to seek out and put in place, leaving many non-experts as vulnerable now as they were before.

Still breakable.

  • Although the use of ASCII characters (8 to 63) is much more convenient for a user's memory bank, it's also just as easy to break. That's because most users will tend to use shorter passwords that can be cracked by hackers using specialized programs. Security experts recommend users employ a lengthy code, upwards of 25-30 characters.

Better be with the times.

  • Older versions of Windows (98 or earlier) will not run WPA, so you'd better update now.