What is the Difference between WPA2, WPA, WEP, AES, and TKIP?
Pretty much everywhere you go today, there is a WiFi network you can connect to. Whether it be at home, at the office or at the local coffee shop, there are a plethora of WiFi networks. Every WiFi network is set up with some kind of network security, either open for all to access or extremely restricted so that only certain clients can connect.
When it comes to WiFi security, there are really only a couple of options you have, especially if you are setting up a home wireless network. The three big security protocols today are WEP, WPA, and WPA2. The two big algorithms that are used with these protocols are TKIP and AES with CCMP. I’ll explain some of these concepts in more detail below.
Which Security Option to Pick?
If you don’t care about all the technical details behind each one of these protocols and just want to know which one to select for your wireless router, then check out the list below. It’s ranked from most secure to least secure. The more secure the option you choose, the better.
If you’re not sure if some of your devices will be able to connect using the most secure method, I suggest you enable it and then check to see if there are any issues. I thought several devices would not support the highest encryption, but was surprised to find out they connected just fine.
1. WPA2 Enterprise (802.1x RADIUS)
2. WPA2-PSK AES
3. WPA2-PSK AES + WPA-PSK TKIP
4. WPA TKIP
5. WEP
6. Open (No security)
It’s worth noting that WPA2 Enterprise doesn’t use pre-shared keys (PSK), but instead uses the EAP protocol and requires a backend RADIUS server for authentication using a username and password. The PSK that you see with WPA2 and WPA is basically the wireless network key that you have to enter when connecting to a wireless network for the first time.
WPA2 Enterprise is far more complex to set up and is usually only done in corporate environments or in homes with very technically savvy owners. Practically, you will only be able to choose from options 2 through 6, though most routers now don’t even have an option for WEP or WPA TKIP anymore because they are insecure.
WEP, WPA and WPA2 Overview
I’m not going to go into too much technical detail about each of these protocols because you could easily Google them for a lot more information. Basically, wireless security protocols came about starting in the late 90s and have been evolving since then. Thankfully, only a handful of protocols were accepted, so the landscape is much easier to understand.
WEP
WEP or Wired Equivalent Privacy was released back in 1997 along with the 802.11 standard for wireless networks. It was supposed to provide confidentiality that was equivalent to that of wired networks (hence the name).
WEP started off with 64-bit encryption and eventually went all the way up to 256-bit encryption, but the most popular implementation in routers was 128-bit encryption. Unfortunately, very soon after the introduction of WEP, security researchers found several vulnerabilities that allowed them to crack a WEP key within a few minutes.
Even with upgrades and fixes, the WEP protocol remained vulnerable and easy to penetrate. In response to these problems, the WiFi Alliance introduced WPA or WiFi Protected Access, which was adopted in 2003.
WPA
WPA was actually meant to be just an intermediate remedy until they could finalize WPA2, which was introduced in 2004 and is the standard in use today. WPA used TKIP or Temporal Key Integrity Protocol as a way to ensure message integrity. This was different from WEP, which used CRC or Cyclic Redundancy Check. TKIP was much stronger than CRC.
Unfortunately, to keep things compatible, the WiFi Alliance borrowed some aspects from WEP, which ended up making WPA with TKIP insecure as well. WPA included a new feature called WPS (WiFi Protected Setup), which was supposed to make it easier for users to connect devices to the wireless router. However, it ended up having vulnerabilities that allowed security researchers to crack a WPA key within a short period of time as well.
WPA2
WPA2 became available as early as 2004 and was officially required by 2006. The biggest change between WPA and WPA2 was the use of the AES encryption algorithm with CCMP instead of TKIP.
In WPA, AES was optional, but in WPA2, AES is mandatory and TKIP is optional. In terms of security, AES is much more secure than TKIP. There have been some issues found in WPA2, but they are only problems in corporate environments and don’t apply to home users.
WPA uses either a 64-bit or 128-bit key, the most common being 64-bit for home routers. WPA2-PSK and WPA2-Personal are interchangeable terms.
So if you need to remember something from all this, it’s this: WPA2 is the most secure protocol and AES with CCMP is the most secure encryption. In addition, WPS should be disabled as it’s very easy to hack and capture the router PIN, which can then be used to connect to the router. If you have any questions, feel free to comment. Enjoy!
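To apply the ranking and the WPS advice above to a Linux access point, the following added example (not code from the original article) grades a hostapd.conf against the six-tier list. The sample configs are constructed, the cipher fallback to TKIP is an assumption noted in the code, and combinations the list does not name are mapped to the nearest weaker tier.

```python
# Added example: grade a hostapd.conf against the article's six-tier ranking.
TIERS = {1: "WPA2 Enterprise (802.1x RADIUS)", 2: "WPA2-PSK AES",
         3: "WPA2-PSK AES + WPA-PSK TKIP", 4: "WPA TKIP",
         5: "WEP", 6: "Open (No security)"}

def parse(text):
    """Parse hostapd's key=value format, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (tier, findings); tier 1 is most secure, 6 is open."""
    c = parse(text)
    wpa = int(c.get("wpa", "0"))            # bitfield: 1 = WPA, 2 = WPA2
    mgmt = c.get("wpa_key_mgmt", "WPA-PSK").split()
    # Assumption: an unset cipher list falls back to wpa_pairwise, then TKIP.
    wpa_pairwise = c.get("wpa_pairwise", "TKIP")
    rsn = c.get("rsn_pairwise", wpa_pairwise).split()
    if wpa == 0:
        tier = 5 if any(k.startswith("wep_key") for k in c) else 6
    elif wpa == 2 and rsn == ["CCMP"]:
        tier = 1 if "WPA-EAP" in mgmt else 2
    elif wpa & 2 and "CCMP" in rsn:
        tier = 3                            # mixed mode: TKIP/WPA still accepted
    else:
        tier = 4                            # TKIP is the best cipher on offer
    findings = []
    if tier >= 3:
        findings.append(f"weak mode: {TIERS[tier]}")
    if int(c.get("wps_state", "0")) != 0:   # 0 = WPS disabled
        findings.append("WPS enabled")
    return tier, findings

# Constructed sample configs (not taken from any real device).
MIXED = ("ssid=home\nwpa=3\nwpa_key_mgmt=WPA-PSK\n"
         "wpa_pairwise=TKIP\nrsn_pairwise=CCMP\nwps_state=2\n")
HARDENED = ("ssid=home\nwpa=2\nwpa_key_mgmt=WPA-PSK\n"
            "rsn_pairwise=CCMP\nwps_state=0\n")

if __name__ == "__main__":
    for name, conf in (("mixed", MIXED), ("hardened", HARDENED)):
        tier, findings = audit(conf)
        print(name, tier, TIERS[tier], findings)
```

The mixed-mode sample lands in tier 3 with a WPS finding, while the hardened sample lands in tier 2 with none.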