
WEP vs. WPA: 5 Key Differences

If you use Wi-Fi for wireless networking at home or in your business or workplace, how do you know that the data you exchange with the internet is secure? Unsecured wireless local area networks (WLANs) are vulnerable to snooping, hacking, and other attacks. Thankfully, most Wi-Fi networks are secured with one of two leading technologies, WEP and WPA. The creators of Wi-Fi have developed WEP and WPA to ensure that your wireless network stays private and secure, but there are significant differences between these technologies that make one more secure than the other. In this article, we share five key differences between WEP and WPA to help you select the best security technology for your Wi-Fi network. 

WEP vs. WPA: Side-by-Side Comparison

| | WEP | WPA |
| --- | --- | --- |
| Name | Wired Equivalent Privacy | Wi-Fi Protected Access |
| What it is | Security algorithm for wireless networks | Security certification standard for wireless networks |
| Versions | WEP2, WEP plus, Dynamic WEP | WPA 1, WPA 2, WPA 3 |
| Primary use | Protecting a Wi-Fi (802.11) network | Protecting a Wi-Fi (802.11) network |
| Initial release | 1999 | 2003 |
| Influential developers | The Institute of Electrical and Electronic Engineers (IEEE), The Wi-Fi Alliance | The Institute of Electrical and Electronic Engineers (IEEE), The Wi-Fi Alliance |
| Technologies used | 64, 128-bit encryption, stream cipher RC4, CRC-32 checksum, Open System authentication, Shared Key authentication | Temporal Key Integrity Protocol (TKIP), 64-bit, 128-bit or 256-bit encryption key, Message Integrity Check, cyclic redundancy check (CRC), CCMP |
| Compatible versions of Wi-Fi | Wi-Fi 1 (802.11b), Wi-Fi 2 (802.11a) | Wi-Fi 1 (802.11b), Wi-Fi 2 (802.11a), Wi-Fi 3 (802.11g), Wi-Fi 4 (802.11n), Wi-Fi 5 (802.11ac), Wi-Fi 6 (802.11ax) |
| Hardware support | Wi-Fi 1 and 2 routers and compatible devices | Wi-Fi 1 to 6 routers and compatible devices |
Most current Wi-Fi networks are protected by WPA2 or WPA3.

WEP vs. WPA: 5 Differences to Know

Both network security protocols have been used to protect consumer and business Wi-Fi networks, but their differences mean that only one is suitable for ongoing use. Here are 5 fundamental differences between WEP and WPA:

1. WPA is Newer Technology

The crucial difference between these two Wi-Fi security technologies is that WEP is older than WPA. Things move quickly in technology, so it is no surprise that as a 23-plus-year-old security protocol, WEP is pretty much obsolete nowadays. 

2. WEP Is Only Compatible With Wi-Fi 1 and 2

The IEEE/Wi-Fi Alliance released WEP when Wi-Fi first started (1999) and it was the default network security protocol on Wi-Fi 1 and 2 (802.11 b/a) devices, but WPA superseded it by the time Wi-Fi 3 (802.11g) came out.

3. The Level of Encryption 

WPA has far more robust encryption. It features the Advanced Encryption Standard (AES) with a 256-bit encryption key vs. the 64-bit and 128-bit encryption keys of WEP and WEP2. Though both technologies use the RC4 stream cipher, WPA uses key mixing and the automatic generation of new keys for each data packet to conceal the key more reliably. 

4. Network Authentication 

WPA has far more robust device authentication standards than WEP’s open authentication and shared key authentication. This includes the implementation of group keys and four-way handshakes to ensure that there are only legitimate network participants at all times. WPA 3 has the most advanced, yet easy-to-use authentication that includes QR-code authentication for devices that do not have a keyboard. 

5. Protection of Data Packets 

WPA has far more robust protection of data packets, with message integrity checks to ensure that no one has tampered with the received data packets. WEP was almost entirely reliant on its relatively weak encryption and cyclic redundancy checks, meaning that transmitted data packets could have potentially been intercepted, altered and re-sent without detection.
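Why the CRC-32 check described above cannot detect tampering while a keyed message integrity check can, shown as an added example that is not part of the original article. It keeps only WEP's RC4-plus-CRC-32 construction; the keys and payloads are constructed, IV handling and 802.11 framing are left out, and truncated HMAC-SHA256 is an assumed stand-in for WPA's real MIC.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: XOR data with the keystream derived from key."""
    s, j = list(range(256)), 0
    for i in range(256):                                  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                                     # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data))

def hmac_tag(mic_key: bytes, data: bytes) -> bytes:
    # Stand-in keyed MIC (assumption): truncated HMAC-SHA256, not WPA's own algorithm.
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:8]

def seal(key, payload, check):
    """Encrypt payload plus its check value, as WEP does with the CRC-32."""
    return rc4(key, payload + check(payload))

def unseal(key, frame, check, size):
    """Decrypt; return the payload only if the check value matches."""
    body = rc4(key, frame)
    payload, value = body[:-size], body[-size:]
    return payload if hmac.compare_digest(check(payload), value) else None

def patch_crc_frame(frame: bytes, delta: bytes) -> bytes:
    """Keyless edit: CRC-32 is linear, so the encrypted checksum can be fixed up."""
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return xor(frame, delta + struct.pack("<I", fix))

def demo():
    key, mic_key = b"constructed-rc4-key", b"constructed-mic-key"   # constructed keys
    sent, wanted = b"mode=guest;id=07", b"mode=admin;id=07"         # constructed payloads
    delta = xor(sent, wanted)                 # bits that differ between the two payloads
    crc_frame = patch_crc_frame(seal(key, sent, crc), delta)
    mic = lambda d: hmac_tag(mic_key, d)
    mic_frame = xor(seal(key, sent, mic), delta + bytes(8))   # same edit, tag untouched
    return unseal(key, crc_frame, crc, 4), unseal(key, mic_frame, mic, 8)
```

`demo()` returns the altered payload for the CRC-protected frame, because the receiver's check still passes, and `None` for the MIC-protected frame, because the tag cannot be recomputed without the MIC key.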

What is WEP?

Wired Equivalent Privacy (WEP) is a legacy Wi-Fi security algorithm that was implemented when the first 802.11 Wi-Fi standard appeared in the late 1990s. Its name refers to the intention that the WEP protocol would provide a level of network security that is equivalent to a wired (Ethernet) network. 

WEP was end-user-facing and available as part of the security setup of Wi-Fi routers and other network equipment. It secured data exchanged across the networks by encryption with the earliest forms of WEP using a 64-bit encryption key. It is the only in-built encryption protocol in the earliest versions of Wi-Fi, Wi-Fi 1 (802.11b) and Wi-Fi 2 (802.11a).

Development of WEP

One of the key challenges in developing WEP was its relatively lax security. This was not because of negligence but because at the time the Wi-Fi Alliance developed WEP, the U.S. government had restricted the use of cryptographic technologies, limiting the complexity of the encryption key that WEP could use. 

Once WEP became the official security standard for Wi-Fi in 1999, its weaknesses became apparent through the following widely publicized attacks:

  • Fluhrer, Mantin and Shamir attack, a stream cipher attack that targeted the RC4 stream cipher used by WEP to encrypt data bit by bit. The team targeted and recovered the encryption key from RC4-encrypted messages.
  • The Caffe Latte attack, a remote attack using the Windows wireless stack to obtain the WEP key from a client device by flooding the Wi-Fi network with encrypted ARP requests.

When the U.S. government lifted the restrictions on cryptographic technologies, the Wi-Fi Alliance moved quickly to update WEP with a stronger 128-bit encryption key and later a 256-bit key. However, in 2003, the IEEE and the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA), which succeeded WEP. By 2004, when they introduced WPA2, WEP became a legacy technology.

Technologies Used by WEP

WEP uses the following technologies:

  • Rivest Cipher 4 (RC4/ARC4), a symmetric key cipher that encrypts the plain text digits of a data stream with a pseudo-random keystream one bit at a time. This technology keeps data transferred over the network private. WEP originally used a 64-bit encryption key, but WEP 2 uses a 128-bit key.
  • CRC-32, a checksum variant of cyclic redundancy checks to check errors in the data that is transferred over a Wi-Fi network and that ensures that data packets are correctly received.
  • Open System Authentication is a process by which devices access a WEP protocol-secured wireless network. It provides simple access that is ideal for guest devices. Once a client device is authenticated, it can send and receive un-encrypted data across the network.
  • Shared Key Authentication requires the exchange of a WEP key to access and exchange encrypted data on a Wi-Fi network.

What is WPA?

Wi-Fi Protected Access (WPA), also known as Robust Security (IEEE 802.11i), is the network security technology that has superseded WEP and is routinely implemented in Wi-Fi networks. It was first released in 2003 by the IEEE/Wi-Fi Alliance in response to notable weaknesses in the WEP protocol, strengthening security with extremely robust device authentication and encryption protocols. It is currently in its third generation. The available WPA security certification standards are:

  • The original Wi-Fi Protected Access (WPA) released in 2003
  • Wi-Fi Protected Access 2 (WPA2) released in 2004
  • Wi-Fi Protected Access 3 (WPA3) released in 2018

All three WPA protocols are available in personal (e.g. WPA2-Personal) and enterprise (e.g. WPA2-Enterprise) versions developed for consumer and commercial use. They use AES data encryption and require a network name and password for network access. 

WPA features 

The network security features of WPA ensure robust protection of network access and the data that is transferred across Wi-Fi networks. WPA3 supersedes WPA2 and WPA, with modern Wi-Fi networks using at least WPA2, and WPA3 being routinely available for Wi-Fi 5 and 6 routers and devices. Key features and technologies of WPA include:

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP): This is an enhanced encryption protocol based on the Advanced Encryption Standard (AES) that was specifically developed for Wi-Fi.

Advanced Encryption Standard (AES): This is a well-known U.S. Government-developed encryption standard that can use 128, 192, and 256-bit encryption keys.

Temporal Key Integrity Protocol (TKIP): WPA2 previously used this encryption protocol, but other technologies have superseded it. It keeps the root key concealed by using a key mixing function, while using RC4 to encrypt and decrypt data. 

Message Integrity Check (MIC): This feature protects encrypted messages from common interception attacks, for example “bit-flip” attacks, where hackers send slightly altered spoofed messages to network receivers in an attempt to penetrate the network.

Four-way handshake: WPA uses the four-way handshake for authentication. It is extremely robust, requiring the exchange of four messages between the network’s access point and a device that wants to join.

Group key handshake (GTK): This is another authentication tool that supplies a time-limited group transient key to all participant client devices in the network.

Forward secrecy (FS): This feature randomly changes encryption keys between transmitted data packets so that if an attacker gets an encryption key, the data they can decrypt is minimal.

Security issues

WPA has also had security issues, which have largely been addressed by the widespread implementation of WPA3. Security issues have included:

  • Weak passwords with vulnerability to password cracking.
  • Absent forward security, allowing a captured encryption key to be used to decode all data packets. 
  • Spoofed data packets to attempt to recover TKIP encryption keys.
  • Wi-Fi Protected Setup (WPS) PIN recovery which uses a captured PIN code from a router’s WPS to recover WPA/WPA2 passwords. 
It is usual for strong passwords to consist of random characters, making them difficult to remember.

WEP vs. WPA: Six Must-Know Facts

  1. The Wi-Fi Alliance initially intended WPA to be an interim measure for resolving the security weaknesses of WEP prior to the development of a fully updated standard.
  2. The Wi-Fi Alliance released the original WPA version as a firmware update for Wi-Fi 1 and 2 wireless network cards. It was not possible to make pre-2003 access points WPA-compatible.
  3. The Group Temporal Key (GTK) used by WPA2 also has a security vulnerability known as Hole196. An attacker can exploit the group authentication with man-in-the-middle or denial-of-service attacks to get themselves authenticated on the targeted network.
  4. Since the 1st of July 2020, WPA3 has been mandatory for official Wi-Fi-certified devices. In addition, it is part of the testing for the certification of new devices. At present, WPA2 does not have to be upgraded and works competently with WPA3 as it is backward compatible.
  5. WPA3 replaces the pre-shared key exchange of WPA2 with a more robust feature called Simultaneous Authentication of Equals (SAE) for the exchange of 128-bit encryption keys between authenticated devices.
  6. Only devices that the Wi-Fi Alliance has certified can carry the official Wi-Fi logo.

WEP vs. WPA: Which is Better?

As a legacy technology, WEP has multiple vulnerabilities. It is already over 20 years old and is therefore unable to protect a network from the sophisticated attacks that are prevalent these days. Attackers would quickly target a device that uses legacy versions of Wi-Fi security like WEP and WEP2 because of their well-known weaknesses.

The Wi-Fi Alliance developed WPA to protect Wi-Fi networks better. The first version, WPA, addressed the weakness of WEP. Subsequent versions have strengthened wireless network security to keep up with contemporary challenges. In short, the best security standard for Wi-Fi right now is WPA3. It has been routinely implemented on all routers and Wi-Fi devices that have been released since 2020.

Frequently Asked Questions

What is an encryption key?

An encryption key is a random combination of numbers, letters and symbols that is used to scramble and unscramble data before and after it is transmitted from one device to another.

What is the Wi-Fi Alliance?

The Wi-Fi Alliance is the industry body that oversees the development of Wi-Fi and the certification process for compatible devices. It developed from the Institute of Electrical and Electronic Engineers (IEEE) body that developed the first version of Wi-Fi and an intermediary body called the Wireless Ethernet Compatibility Alliance (WECA). The Wi-Fi Alliance is non-profit and includes a range of wireless networking, computing and telecommunication companies as part of its membership. 

What is a Man–In–The–Middle attack?

The Man–In–The–Middle is a Wi-Fi network attack where a hacker penetrates the data streams of a network and siphons off large amounts of data. If they can also get an encryption key they can decrypt the data and steal valuable information.

What is a brute force dictionary attack?

This is a Wi-Fi network attack where the hacker tries to guess the network password by rapidly running through a dictionary list of common passwords and phrases.

What is wireless sniffing?

Wireless sniffing is a wireless network attack that searches for un-encrypted traffic being transferred on open networks. The attack monitors traffic for sensitive data like credit card details or account passwords.
