Sikring av nett - WPA vs WEP.

[geirthr]

Noen som kan forklare meg forskjellen på disse?

Jeg har hørt WPA er sikrest, men hvorfor?

Endret 20. mars 2006 av geir-thr

[Skagen]

Wiki: WPA og WEP.

 

WEP was intended to provide comparable confidentiality to a traditional wired network, hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping.

 

Om du lese wiki-linkene mine finner du mere dyptgående detaljer, f.eks her.

Det finnes også masse info om metoder og framgang for sikkring av trådløse nett i Nettverks FAQ'en som forøvrig er sticky i Nettverks forumet.

Endret 20. mars 2006 av skag1

[ttt]

Det er mange program som knekker WEP-passord på relativt kort tid (kan vere snakk nokre få minutt). Dei som laga WEP gjorde ikkje ein spesielt god jobb. Derimot er det ingen god måte å knekke WPA. WPA vart utvikla med tanke på sikkerhet frå dag 1.

[geirthr]

Takk for svar

 

Noen konkrete eksempler på hva som utgjør forskjellene?

Er det kun mer komplekse nøkler?

[Skagen]

Key size is not the major security limitation in WEP. Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped at all by a longer key.

 

One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

 

In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed; this was another weakness in WEP.

 

By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards; however it is subject to a packet forgery attack. To limit this risk, WPA networks shut down for 60 seconds whenever an attempted attack is detected