WPA2 Encryption Basics

Wired Equivalent Privacy (WEP) uses a naive encryption scheme that has become virtually useless. WEP was supplanted by Wi-Fi Protected Access (WPA). WPA was found to be too weak as well, and it has been supplanted in turn by Wi-Fi Protected Access 2 (WPA2), which seems to be strong enough for now. ;-)

Windows Vista and Windows XP SP3 support WPA2. Windows XP SP2 supports WPA2 too, but requires the Wireless Client Update [update KB893357 at Microsoft’s Download Center (support.microsoft.com)].

Encryption and keys

Encryption scrambles messages so that an opponent or attacker who intercepts them cannot read them. Most encryption is based on encryption keys, which are simply secret values used to scramble and unscramble the message. Strong encryption requires strong keys.

WPA2-PSK (Preshared Key) is the strongest and most practical form of WPA for most home users. WPA2 is more secure than WPA because it uses the much stronger AES (Advanced Encryption Standard) cipher for encrypting packets. [Smart Computing]

The encryption key may be entered either as a passphrase of 8 to 63 printable ASCII characters or as exactly 64 hexadecimal digits. The maximum length gives 256-bit strength: 64 hex digits multiplied by 4 bits per digit. An ASCII passphrase is also converted into a 256-bit key internally, so 256 bits is the ceiling for both forms.

To protect against current brute-force attacks, a truly random passphrase of at least 20 characters should be used, and 33 characters or more is recommended. But pre-shared keys are usually configured only once, and users don't need to enter them every time, so you might as well use the strongest possible encryption key. :-)

Preshared key generators

Examples:

63 random printable ASCII characters:
ZCTf}xc1ag.n~](j;&:6DrfE7!!ntd[B5v^}m@hJ_?bkKewh#C_~g2wCPD:6>sX

64 random hexadecimal characters (0-9 and A-F):
537A2806E97D20C2689C2CE1F1F3E7D8A6363FFF908BCDCF8F4955BA07B3A993
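As an added example (not code from the original page), the following Python checks a key against the two accepted forms above, estimates its guessing resistance, derives the 256-bit PSK the router actually uses (a 64-hex key is used directly; a passphrase is stretched with PBKDF2-HMAC-SHA1 using the network SSID as salt and 4096 iterations, as IEEE 802.11i specifies), and generates a maximum-length key from the OS random generator. The two page keys are reused as sample input; leaving the space character out of generated passphrases is an assumption of this example.

```python
import hashlib
import math
import secrets
import string

# IEEE 802.11i passphrase alphabet: printable ASCII 0x20-0x7E.
PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}
HEX_DIGITS = set(string.hexdigits)

# Constructed samples: the two example keys from the page above.
PAGE_ASCII_KEY = "ZCTf}xc1ag.n~](j;&:6DrfE7!!ntd[B5v^}m@hJ_?bkKewh#C_~g2wCPD:6>sX"
PAGE_HEX_KEY = "537A2806E97D20C2689C2CE1F1F3E7D8A6363FFF908BCDCF8F4955BA07B3A993"

def classify_key(key: str):
    """'hex' for a 64-hex-digit raw PSK, 'passphrase' for 8-63 printable
    ASCII characters, None if the key is in neither accepted form."""
    if len(key) == 64 and all(c in HEX_DIGITS for c in key):
        return "hex"
    if 8 <= len(key) <= 63 and all(c in PRINTABLE for c in key):
        return "passphrase"
    return None

def derive_psk(key: str, ssid: str) -> bytes:
    """Return the 256-bit PSK used in the 4-way handshake. A 64-hex key is
    the PSK itself; a passphrase is stretched with PBKDF2-HMAC-SHA1 using the
    SSID as salt, 4096 iterations, 32-byte output (IEEE 802.11i)."""
    kind = classify_key(key)
    if kind is None:
        raise ValueError("not a valid WPA2 pre-shared key or passphrase")
    if kind == "hex":
        return bytes.fromhex(key)
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def max_entropy_bits(key: str) -> float:
    """Guessing resistance if every character were chosen uniformly at
    random, capped at the 256 bits of the derived PSK."""
    alphabet = 16 if classify_key(key) == "hex" else len(PRINTABLE)
    return min(256.0, len(key) * math.log2(alphabet))

def generate_key(kind: str = "passphrase") -> str:
    """Maximum-length key from the OS CSPRNG (secrets module)."""
    if kind == "hex":
        return secrets.token_hex(32).upper()
    # Assumption: leave out the space character to avoid copy/paste trouble.
    alphabet = "".join(sorted(PRINTABLE - {" "}))
    return "".join(secrets.choice(alphabet) for _ in range(63))
```

A short dictionary word such as "password" scores only about 53 bits even when treated as random, which is why the page asks for 20 characters or more.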

Questions and answers

What is TKIP?
TKIP (Temporal Key Integrity Protocol) is a backwards-compatible protocol for legacy equipment or handheld devices that cannot support the stronger AES cipher. Some routers (Linksys, for example) can operate in a dual TKIP/AES mode.
