WEP vs WPA-PSK

By strategic
Jul 19, 2009
Topic Status:
Not open for further replies.
  1. Here is a new one (for me).
    Everybody for the most is aware that wep encryption is breaable.
    There is however one question, what is the difference (or how much of a difference) is there between 128bit WEP, or WPA-PSK. Who should I be worried about breaking my 128bit wep, neighbors, somebody nearby, or even somebody far away? 128bit encryption is afterall, the highest level available is it not?
  2. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    the problem with WEP is not the bit length of the key but rather the simplistic math used to create it.

    WPA, WPA2 have better techniques and thus better security
  3. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    Thanks for your reply jobeard.
    That clarifies it for me. :)
  4. superdas75

    superdas75 Newcomer, in training

    Understand WPA and WPA2 is far better than WEP but real world, should I be concerned about using WEP?

    Reason for my question is for my kids Nintendo DSi. Although the DSi supports WPA2, the games which he wants to use are for the original DS and WEP only.

    If it makes a difference, how I'm laid out is the family desktop is hardwired to the router and only thing on the wireless side would be the kids DSi and Wii (and could set up MAC filtering for those). Currently broadcasting the SSID but if I switch back to WEP (currently WPA2) guess should turn off.
  5. GameJunkie72792

    GameJunkie72792 TechSpot Maniac Posts: 357

    Well my home network has a small workgroup which i run wired and wireless, i have a shared printer, and a few shared folders.

    I also have a homegroup setup for my 7 machines, and all my machines can be logged into remotely from one another.

    I find WPA2-PSK to be the most efficient for my application, coupled with MAC filtering i have had no problems with peopl lurking on my network.

    Whereas with WEP and non broadcasting SSID i would find someone every now and then on my wireless.

    I also have a Wii and Playstation 3 on the network as well, and they dont mind the WPA2.

    Honestly, if all your devices support it, it isnt much harder to setup WPA2 so I'd recommend it.
  6. Rick

    Rick TechSpot Staff Posts: 6,304   +52 Staff Member

    It takes about 5-10 minutes to break into WEP 64-bit and 20-30 minutes for WEP 128-bit. I know personally...

    But unless you are near a well traveled residential area, in an dense apartment setting or live near someone who's kind of eccentric... 99.998% of the time, you'll be OK with WEP.
  7. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    YES! -- it's a probability issue.
    1) the intruder needs to 'know how'
    2) and use the right tools

    If you can, set the MAC filtering to ALLOW and enter those devices. Most routers will
    then ONLY allow those entries to connect regardless of the WEP key.

    (btw: just to be fully honest; if (1+2) above, then it's highly probable that the intruder knows how to find a valid MAC also :( )
  8. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    This is becoming far more clearer now. In my area, the only hi-speed internet is wireless. There is no digital phone line to support hi-speed. EVERYBODY in my area has hi-speed - you can see all the antennas on the rooftops. There are many unsecured setups in my area, so what are the odds that somebody would waste time to break into mine?
  9. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    remember: Out of sight is out of mind?

    Some kiddy down the street will try 'just for the fun of it'

    Also you must really understand; There is no such thing as absolute security -- keys for the front door and passwords for logins only help keep honest people honest :)

    Do you best and that's all anyone can expect
  10. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    Out of curiosity, if someone were to break into a WAN network, could they access the LAN side (without a workgroup or intranet setup) or is that even possible?
  11. GameJunkie72792

    GameJunkie72792 TechSpot Maniac Posts: 357

    Joebeard is right only allow all you MAC adresses to pass, on top of the key.

    personally, i dont see the non broadcasting SSID as a security measure, not by itself anyway.

    you can still find non broadcasted networks.

    and yes, the packets sent over the wireless contain the mac address of the machine, so its really simple to find and spoof a mac address.

    network +, and network security really opened my eyes to alot of things i never even had a clue about before.
  12. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    Very good -- You're seeing the issues well :)

    The 'break-in' would occur on the WiFi-SSID side which is actually on the LAN side.
    They would get Internet access thru your router+modem.

    Accessing your other systems is a firewall issue (on each system).

    Here's my method of controlling the problem.
    1. get all known systems into a small range of ip-addresses
      (say x.y.1.2->1.10)
    2. get everything else at some other range (x.y.1.100->200)
    3. then config the firewall(s) to allow Print/File sharing on the former and denied to the latter
      (allow on x.y.1.2->1.10 + 255[the broadcast address])
    This moves the problem (of control) to one of managing IP address assignments. This works for both WiFi and wired connections -- say like a guest staying with you for a few days.

    For my router, MAC filtering also allows me to predetermine the IP address to be assigned --
    just like static addresss but controlled from the router instead of each system independently.

    If your's doesn't allow that, then you can assign IP addresses manually at each device and set the DHCP assignment range to 1.100->200
  13. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    That makes a lot of sense, what was I thinking?:eek:
    Here is my scenario, I have a computer hooked to my router (wirelessly) using a Linksys wireless adapter, working fine under WPA_PSK2. I tried to hook up another computer the same way (which sees my SSID, but doesn't support WPA-PSK2, when I use the adapter on it, it doesn't pickup the SSID at all, thinking there was an interference, I disabled the laptops internal wireless and the adapter still wouldn't see it. (This is all preliminary and I have to diagnose it a little better to see what and why)
     
  14. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    may I suggest you post a new topic with the above entry and we'll resume there.

    we try to keep one topic per thread and this ones gone too far from wep vs wpa.
  15. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    Thanks for the advice jobeard, I didn't really mean to start anything new, actually I would like to try and get a few answers before I physically create another thread. Sorry:blush:
  16. sw123

    sw123 Newcomer, in training Posts: 752

    it depends on the OS you are using on your computer

    disregard this unless your computer is running wirelessly

    I had a WPA2 encryption on my router, which was new from an AT&T service, that the technician had installed on it. I connected to my own network, but

    Wonderfully, in the middle of play Counter Strike, "WARNING: CONNECTION PROBLEM"

    guess what? The connection failed. Many times did i do this, until I changed the encryption to WEP.

    If you run Windows Vista however, and according to my research, it should be fine on WPA2. But I would still run WEP because its not going to scramble the packets with some strange encryption

    anyway, that's my two cents

    sw123 :)
  17. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    Thank you for your input. This quote however confuses me. I have [1] computer running on LAN, and [1] computer on WAN via linksys wireless adapter. Same router, with WPA2, and I never had any issues with my connection. My o/s is Windows XP / XP Pro...
  18. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    It is known that WPA may have difficulties between different vender's devices.
    Sometimes updating the firmware in the router and the device driver for the WiFi will
    correct this -- sometimes not :(

    This is not an OS issue but an encryption protocol problem being non-standard in one end or the other.
  19. sw123

    sw123 Newcomer, in training Posts: 752

    Strategic:


    If you're running WinXP, make sure to set the encryption to WEP. It will fail if you run it with WPA or WPA2. WPA and WPA2 are more for Vista, or the upcoming Windows 7.
  20. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    SORRY-- WRONG! Neither of these are OS version or hotfix dependent. They are encryption techniques that are platform neutral and the issues
    for WPA/WPA2 are compatibility problems across vendors.
  21. strategic

    strategic TechSpot Paladin Topic Starter Posts: 1,274

    I think this thread may be getting confusing. I am currently running (already) with Windows XP, a WPA-PSK2 connection, it's been fine so far. I may have to change to WEP if I decide to connect an old notebook which doesn't support WPA-PSK2 (unless I change the ethernet card). I am not an expert so I can't really explain how it's been working, I just know it works...:suspiciou
  22. jobeard

    jobeard TS Ambassador Posts: 13,040   +223

    good for you :) WEP is your last choice and you're using a much better technique -- good choice.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.