HOW ABOUT SE­CU­RITY?

Maximum PC - - WI-FI -

It’s stag­ger­ing to think that se­cu­rity for data trans­mit­ted wire­lessly al­most seems as though it was an af­ter­thought. The orig­i­nal Wired Equiv­a­lent Pri­vacy (WEP) doesn’t even men­tion en­cryp­tion or pro­tec­tion, but was de­vised at a time when US ex­port re­stric­tions limited en­cryp­tion to 48 bits, and so, as an in­ter­na­tional stan­dard, WEP started life ham­strung. Sure enough, in 2001, it was demon­strated that WEP could be cracked in min­utes via packet sniff­ing, be­cause the en­cryp­tion sys­tem was fun­da­men­tally flawed.

As a mat­ter of some ur­gency, a re­place­ment sys­tem was de­vised: Wi-Fi Pro­tected Ac­cess, or WPA. This ar­rived in 2003, and was a re­quire­ment on all rat­i­fied 802.11g equip­ment—802.11a hard­ware ended up with sup­port, too. An im­por­tant im­prove­ment was that WPA uses 48-bit RC4 en­cryp­tion when send­ing the shared key, rather than the 24 bits of WEP, and the key changes for every frame, mak­ing it un­likely that it could be cracked in time.

WPA was a stop­gap mea­sure, such were the fail­ings of WEP. The full 802.11i se­cu­rity im­ple­men­ta­tion is called WPA2, and was rolled out in the mid­dle of 2005. This re­places the old RC4 used with WEP and WPA with a far se­curer en­cryp­tion— from 128 to 256 bits. It also im­ple­ments a new packet en­cryp­tion that is far en­hanced over the inse­cure WEP sys­tem and the im­proved WPA im­ple­men­ta­tion, and is the re­quired sys­tem on 802.11n on­ward. At the start of 2018, WPA3 was an­nounced, and will be re­quired on the next gen­er­a­tion of wire­less de­vices. It’s specif­i­cally de­signed to re­pel brute-force at­tacks, and im­prove de­vice con­nec­tions without screens. Hope­fully, you’ll see WPA3-ca­pa­ble de­vices and routers from the end of 2018.

Keep your eyes peeled for WPA3cer­ti­fied de­vices.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.