Hello,
Again a straightforward doubt here. We have cryptographic protocols in wireless security like WEP, WPA, WPA2 right..So I wanted to know the difference between the PSK and non-PSK versions of these protocols. Any big difference?
Thanks.
-
Doubt in cryptographic protocols.
-
@Atharva-Bet great question, as you know these are all wireless security standards.
1 - Wired Equivalent Privacy (WEP), which was released as the first wireless security implementation. It did not take long for it to become compromised due to several weaknesses such as static key, key length and more.
2 - WiFi Protected Access (WPA), was released as a temporary improvement over WEP while the IEEE were working on the 802.11i standard (also known as WPA2). This wireless security standard implemented a technology called Temporal Key Integrity Protocol (TKIP). The key integrity protocol generated new keys for every frame. It came in to modes:
- Personal Mode -which uses a preshared key or passphrase (really just a password), that was inexpensive for residential implementations
- Enterprise mode - which requires the use of port-based authentication via 802.1X and a RADIUS server. If you remember us discussing EAP, it is implemented here (and WPA2)
3 - WiFi Protected Access 2 (WPA2 or 802.11i) - which strengthen the security over WPA by introducing AES encryption and replacing TKIP with a stronger technology called CCMP. WPA2 also has personal(PSK) and enterprise mode and can also use EAP.
4- WiFi Protected Access 3 - which allows for the strongest encryption and a newer technology called Simultaneous Authentication of Equals (SAE) that allows peer devices to discover each other and perform secure key exchange without the need for human interaction.
I hope this helps!
Best Regards,
Wes BryanKnowledge is a road to be traveled upon, not a destination to be reached~~
-
@wes-bryan Hello Sir, thanks a lot for clearing it up! Your answers have always helped me very much. I'd just like to mention that I'm just a Second Year Computer Engineering student from India so there's no need to call me 'sir', you can just call me directly by name or not call at all, I feel a little different, you know when someone so senior to me, calls me 'Sir'. Also, I am the same Atharva whose Social Engineering Awareness document you reviewed on LinkedIn and I am extremely grateful for that.
Here's the link - https://www.linkedin.com/feed/update/urn
activity:6812053131766050816/
Thank you, you are an amazing teacher/mentor. -
@Atharva-Bet Sure thing and will do! You are a great student, keep up the hard work!
Best Regards,
Wes BryanKnowledge is a road to be traveled upon, not a destination to be reached~~
