Forum

This is a query regarding difference in WPA/WPA2 authentication vis a vis OPEN

If we use WPA/WPA2 with 802.1x/EAP, I think the authentication mechanism before the generation of PMKs is same as for OPEN. The doubt is that if all operation post PMK generation not a part of authentication, then how authentication (not encryption) process using WPA/WPA2 is different from OPEN. Or is like generation of PTKs and GTKs using four way handshake is a part of authentication process which clarifies the difference.

Any help on the same is appreciated.

Thanks,
Himanshu

Hi Himanshu:

In the early days, 802.11 authentication between two stations was based on a demonstration that each possessed a copy of the same WEP key. This authentication preceded association. Authentication was either turned on and called "shared key" or turned off and called "open".

WEP was found to be woefully broken and a serious effort was put into fixing it. The result are authentication processes that occur >>after<< association, based on 802.1X/EAP or PSK, and based on the 4-Way Handshake. The new authentication requires that the old authentication be left off, that is "open".

It would have been less confusing if the new authentication had replaced the old rather than supplemented it. Now we have to talk about both.

I hope this helps. Thanks. /criss

devinator Escribi?3:

Many Wi-Fi devices support WPA with AES, but they are all proprietary implementations. Since the Wi-Fi Alliance never specified the use of AES in WPA, any use of it in this capacity is uncertified by the Wi-Fi Alliance for compatibility.

Devinator

I definitely hear and understand what you have said however how does one explain Linksys WRT300N receiving WiFi WPA/WPA2 cert? This has got to be one of the most confusing home routers to understand regarding their implementation of wireless security on the router web interface. I had to use Airopeek just to verify what I configured was actually working the way I expected.

For example, Linksys has what they call "Personal PSK" and "Personal PSK2". However, their web interface for "PSK" has option to choose AES or Tkip. For "PSK2" they have option to choose AES or Tkip/AES. If you select AES for either one then in WFA terms are you using WPA or WPA2.

Now a user may configure the AP for "PSK" and select Tkip. Now he takes a client which say him/her is using a Netgear adapter (Atheros based) which uses different terminology and configures for WPA, PSK or whatever worded options are available. In this case the client may only support AES depending on options available to choose from. Then wonders why the client can never connect!

I can see why so many users are confused over WPA vs. WPA2. I think Linksys tried to go with IEEE options while pleasing WFA at the same time but forgot about the average user. 8-O

Seems WFA should invoke stricter guidelines on the vendors. Maybe WPS will be the remedy for the average joe.