Mar 20, 2014  There are various ways to protect a wireless network. Some are generally considered to be more secure than others. Some, such as WEP Wired Equivalent.

How to Hack Wi-Fi: Cracking WPA2-PSK Passwords with Cowpatty. Welcome, my hacker novitiates. As part of my series on hacking Wi-Fi, I want to demonstrate.

WPA2-PSK

Main TERM W

Short for Wi-Fi Protected Access 2 - Pre-Shared Key, and also called WPA or WPA2 Personal,  it is a method of securing your network using WPA2 with the use of the optional Pre-Shared Key PSK authentication, which was designed for home users without an enterprise authentication server. 

To encrypt a network with WPA2-PSK you provide your router not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP for Temporal Key Integrity Protocol, that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually comprised of the hex characters 0-9 and A-F.

See also The Differences Between WEP and WPA in the Did You Know. section of Webopedia.

TECH RESOURCES FROM OUR PARTNERS.

Short for Wi-Fi Protected Access 2, the follow on security method to WPA for wireless networks that provides stronger data protection and network access control.

When you want to join a WPA-PSK/WPA2-PSK wireless network, your Mac will always refuse to do so. Here s how you can do it. In System Preferences, click on the Network.

On our Comcast Xfinity router, WPA2-PSK TKIP, WPA2-PSK AES, and WPA2-PSK TKIP/AES are all different options. Choose the wrong option and you ll have a slower, less-secure network.

The last option both TKIP and AES was the default on our router. That s actually a bad choice, but just understanding the options requires some knowledge of Wi-Fi encryption standards.

AES vs. TKIP

TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP stands for Temporal Key Integrity Protocol. It was a stopgap encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated. In other words, you shouldn t be using it.

AES stands for Advanced Encryption Standard. This was a more secure encryption protocol introduced with WPA2, which replaced the interim WPA standard. AES isn t some creaky standard developed specifically for Wi-Fi networks; it s a serious worldwide encryption standard that s even been adopted by the US government. For example, when you encrypt a hard drive with TrueCrypt, it can use AES encryption for that. AES is generally considered quite secure, and the main weaknesses would be brute-force attacks prevented by using a strong passphrase and security weaknesses in other aspects of WPA2.

The  PSK in both names stands for pre-shared key the pre-shared key is generally your encryption passphrase. This distinguishes it from WPA-Enterprise, which uses a RADIUS server to hand out unique keys on larger corporate or government Wi-Fi networks.

WPA Uses TKIP and WPA2 Uses AES, But

In summary, TKIP is an older encryption standard used by the old WPA standard. AES is a newer Wi-Fi encryption solution used by the new-and-secure WPA2 standard. In theory, that s the end of it. But, depending on your router, just choosing WPA2 may not be good enough.

While WPA2 is supposed to use AES for optimal security, it also has the option to use TKIP for backward compatibility with legacy devices. In such a state, devices that support WPA2 will connect with WPA2 and devices that support WPA will connect with WPA. So WPA2 doesn t always mean WPA2-AES. However, on devices without a visible TKIP or AES option, WPA2 is generally synonymous with WPA2-AES.

Wi-Fi Security Modes Explained

Confused yet. We re not surprised. But all you really need to do is hunt down the one, most secure option in the list. For example, here are the options our Comcast Xfinity router provides:

Open risky : Open Wi-Fi networks have no passphrase. You shouldn t set up an open Wi-Fi network seriously, you could have your door busted down by police.

WEP 64 risky : The old WEP encryption standard is vulnerable and shouldn t be used. Its name, which stands for Wired Equivalent Privacy, now seems like a joke.

WEP 128 risky : WEP with a larger encryption key size isn t really any better.

WPA-PSK TKIP : This is basically the standard WPA, or WPA1, encryption. It s been superseded and isn t secure.

WPA-PSK AES : This chooses the older WPA wireless protocol with the more modern AES encryption. Devices that support AES will almost always support WPA2, while devices that require WPA1 will almost never support AES encryption. This option makes very little sense.

WPA2-PSK TKIP : This uses the modern WPA2 standard with older TKIP encryption. This isn t secure, and is only a good idea if you have older devices that can t connect to a WPA2-PSK AES network.

WPA2-PSK AES : This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On devices with less confusing interfaces, the option marked WPA2 or WPA2-PSK will probably just use AES, as that s a common-sense choice.

WPAWPA2-PSK TKIP/AES recommended : Our Comcast Xfinity router recommends this free-for-all option. This enables both WPA and WPA2 with both TKIP and AES. This provides maximum compatibility with any ancient devices you might have, but also ensures an attacker can breach your network by cracking the lowest-common-denominator encryption scheme. This TKIP AES option may also be called WPA2-PSK mixed mode.

Devices Manufactured Since 2006 Must Support AES

WPA2 certification became available in 2004, ten years ago. In 2006, WPA2 certification became mandatory. Any device manufactured after 2006 with a Wi-Fi logo must support WPA2 enctyption. That s now eight years ago.

Your Wi-Fi enabled devices are probably newer than 8-10 years old, so you should be fine just choosing WPA2-PSK AES. Select that option and then you can see if anything doesn t work. If a device does stop working, you can always change it back although you may just want to buy a new device manufactured at any time in the last eight years.

WPA and TKIP Will Slow Your Wi-Fi Down

WPA and TKIP compatability options can also slow your Wi-Fi network down. Many modern Wi-Fi routers that support 802.11n and newer, faster standards will slow down to 54mbps if you enable WPA or TKIP in their options. They do this to ensure they re compatible with these older devices.

In comaprison, even 802.11n supports up to 300mbps but, generally, only if you re using WPA2 with AES. Theoretically, 802.11ac offers theoretical maximum speeds of 3.46 Gbps under optimum read: perfect conditions.

In other words, WPA and TKIP will slow a modern Wi-Fi network down. It s not all about security.

On most routers we ve seen, the options are generally WEP, WPA TKIP, and WPA2 AES with perhaps a WPA TKIP WPA2 AES compatibility mode thrown in for good measure.

If you do have an odd sort of router that offers WPA2 in either TKIP or AES flavors, choose AES. Almost all your devices will certainly work with it, and it s faster and more secure. It s an easy choice, as long as you can remember AES is the good one.

Image Credit: miniyo73 on Flickr.

WPA2-PSK may not be as safe as you think. There are a few attacks against WAP2-PSK. One of the most common attacks is against WPA2 is exploiting a weak.

This section discusses how to restrict wireless access to your network and how to configure wireless security such as Mixed WPA-PSK WPA2-PSK, WEP, and WPA.

Wireless security is important, and Wi-Fi wireless networks can enable WPA2, a sophisticated encryption technology that protects data flowing between Wi-Fi radios.

WEP security can easily be cracked. That s why you should use Wi-Fi Protected Access 2 WPA2 to protect your wireless network.

Dec 12, 2014  On our Comcast Xfinity router, WPA2-PSK TKIP, WPA2-PSK AES, and WPA2-PSK TKIP/AES are all different options. Choose the wrong option and.