Dear EE users,
I know that with WPA and WPA2-PSK I have to enter a pre shared key (simple password) in order to connect to the network. But what is WPA and WPA2-enterprise? As I know it is used with RADIUS, but 802.1x is also used with RADIUS. Then what is the difference between these two? Which use certificates and which not? Second: Why can I enter a "passphrase" with WPA-ent, WPA2-ent and 802.1x? And why can I use WEP 64-128 with both three if 802.1x uses certificates?
Please explan me the key differences between these three and my questions shortly. I'm not a noob, but I'm now a bit get lost in these three :(
Chris
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Sorry, but I need EXACT answers to my questions:
"Then what is the difference between these two? Which use certificates and which not? Second: Why can I enter a "passphrase" and for what reason with WPA-enterprise, WPA2-enterprise and 802.1x? And why can I use WEP 64-128 with both three if 802.1x uses certificates?"
I can also google a link, but I need these answers clearly, sorry.
There seem to be several points of confusion.
First, WPA/WPA2 Enterprise *is* 802.1x.
Certificates are more of a microsoft thing, and are not part of the 802.1x specification (download a copy from http://standards.ieee.org/
Second, you're not separating authentication (802.1x versus Pre-Shared Key) and encryption (RC4 versus AES).
The original WEP used 40-bit RC4 encryption (5-byte passphrase + 3-byte constant added by each side; the 3-byte constant was as unique as it could be for 16 million possibilites, but did not ever change), because 40-bit encryption was the strongest allowed to be exported from the USA at the time WEP was invented. Fortunately for privacy advocates everywhere Phil Zimmerman gave us PGP via the 1st amendment end-around and by the time the government dropped the case against him in 2000, the weaknesses of WEP's RC4 implementation had been exposed and people were working on something better. WEP can be cracked, using freely available software, in 10 minutes or less if there is traffic to observe and you have an adapter+driver that can capture raw packets; 5 minutes or less if you have an adapter+driver combination that can do injection. Mainly because the passphrase is included in every packet and it never changes (except when you manually change it in the router/AP).
WPA-TKIP (Temporal Key Integrity Protocol) is really WEP with a passphrase that changes immediately after authentication, then every so many seconds (3600, or 1 hour, is the default... some router/AP firmware allows you to change that value), according to vectors that are computed with the passphrase plus a number used once (NONCE) at authentication. Hackers can capture data exchanged (requires only an adapter+driver that can capture raw packets), assemble them then decrypt up to an hour's worth at their leisure offline, using the same tools that can crack WEP in real time... the only restriction is every time the passphrase changes, they have to redo the decryption/crack. So your data is not secure (unless it's also encrypted with SSL/VPN inside the WPA-TKIP wrapper), but they cannot reverse-engineer the decrypted passphrases to figure out the prior password[s] so your connection is secure. Some router/AP firmware routines added AES encryption to the mix, but that's not part of the official WPA spec, so there's no guarantee a client will support that feature.
WPA2-AES (Advanced Encryption Standard) uses the passphrase + NONCE authentication, and AES is part of the specification as well. AES is one of the strongest encryption methods in use today. It is approved by the NIST for government communications, which should testify to its strength. In addition, WPA2 does NOT include the encrypted passphrase in every packet, so even captured data packets are considered secure.
So, you can have 802.1x *or* PSK authentication combined with WEP, TKIP (both RC4) *or* AES encryption.
Does that address all of your questions?
Business Accounts
Answer for Membership
by: rshooper76Posted on 2009-09-24 at 10:58:08ID: 25415951
This artilce talks a littel about the differences, basicalyl WPA2 used different encryption technology than WPA.
http://compudent.blogspot.
Radius typically uses a raduis server to authenticate your user.
This article is a bit long and goes into more detail than you probably want. But I linked it anyway.
http://en.wikipedia.org/wi
I hope this helps.