Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

Summary: The Wi-Fi Alliance is getting ready to put an end to WEP and TKIP on access points and WiFi devices.

SHARE:
TOPICS: Mobility, Wi-Fi
36

The Wi-Fi Alliance is getting ready to put an end to WEP and TKIP on access points and WiFi devices.

As early as January 2011 the Wi-Fi Alliance plans to disallow TKIP on access points, with the standard being disallowed on all WiFi devices by 2012.

WEP gets a slight stay of execution, with the standard being banned on access points from 2013, with the near useless and outdated encryption standard being banned from all WiFi devices a year later.

WPA2-Mixed mode, which allows TKIP, will also go 2014, leaving only WPA2-AES.

Good news - couldn't come soon enough as far as I'm concerned.

Topics: Mobility, Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

36 comments
Log in or register to join the discussion
  • Alliance has a lot to answer for

    Their bumbling approach to security has enabled hackers and thieves to cause billions in damages over the last few years, but with none of the costs borne by the member companies. In fact they have profited from the confusing mess of incomplete standards, in terms of rapid obsolescence and replacement of gear, and in providing expensive consulting services to sort out their self-created mess.

    While 20-20 hindsight doesn't help the mess that's currently deployed and that remains vulnerable, it should be used as a learning experience to guide better cooperation and focus on security going forward.
    terry flores
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @terry flores
      I dunno if I'd blame the alliance so much. The ability to crack these things have gotten easier over time. The main problem is that people still use these things even though it is widely known that they are insecure. When I switched from DSL to FIOS, Verizon setup the AP with WEP! I changed that to WPA2-AES. Verizon should know better.

      Note too that many devices didn't even support WPA2 without a firmware upgrade.
      DevGuy_z
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @terry flores
      Please, the first blame should be on end users. How many of them don't even know what wifi security is all about with their wide open devices.
      rengek
  • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

    What is and is not in the wireless LAN standard is determined by the IEEE Standars Development Organization that owns all IEEE 802 standards. The Wi-Fi Alliance members can propose changes to the IEEE 802.11 Working Group for changes in the IEEE 802.11 standards but can not mandate, allow, or disallow anything!
    ThriceRetired
  • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

    Banning old standards is not the answer: aggressively promoting new ones to replace the older, ineffective ones is a better way forward. Also, as another poster said, it isn't up to the Alliance, but the IEEE.<br><br>Furthermore, what of all the people whose laptops will suddenly be useless? <br><br> You mention WPA2-Mixed mode and WPA2-AES, but when I look at my laptop I see the following EAP Types listed under WPA/WPA2: EAP-TLS, EAP-TTLS, PEAP(EAP-GTC), PEAP(EAP-MSCHAP V2), LEAP, EAP-FAST ! If the Alliance is going to do away with certain encryption types then it should first round up all the types that there are and produce some sort of reference - there's enough alphabet soup here to keep Campbell's going for a week!
    LeMike
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @LeMike
      Just getting rid of the bad stuff. Personally I think banning stuff that is massively insecure is a very good thing. I agree with Adrian on that one. Won't affect you if you are using the old standard. It just won't be available on either new equipment or possibly (not likely) on new firmware.
      DevGuy_z
  • Should use them already

    Should be using the better security settings already regardless of the status of the less secure settings.
    The only sytems that have to use regular WEP are those that must use a Win98 or Me system for some special software or function, like one of my machines.
    Those would not normally have anything that needs good securing anyways unless you are really interseted in seeing readouts from motors.
    MoeFugger
  • 'ASSUMED' ALLIANCE POWERS?

    "The Wi-Fi Alliance can propose changes to the IEEE 802.11 Working Group for changes in the IEEE 802.11 standards but can not mandate, allow, or disallow anything!"

    OH! SORT-OF LIKE WHAT THE LIBSOCIALISTS DEMs R DOING IN CONGRESS RIGHT NOW -WITH ALL OUR TAX DOLLARS!

    heh... just a little right-time Wit!

    g
    xyzxyz@...
  • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

    I'm with LeMike. My devices, issued now and through the next year or three, must not be made obsolete and useless by this edict. My EVO 4G better work as a wifi device after 2013... and who the hell are they to dictate what cannot be used anymore? Promote something, that's fine, but banning an existing protocol is not their prerogative.
    SpectreWriter
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @SpectreWriter
      Not an issue. It just means that new devices won't ship with the banned stuff. While they could update the firmware for your devices (unlikely) you still wouldn't have to install it. So don't worry, you can keep using WEP if you wanna (in that case you should worry as it is terribly insecure) but new APs and wifi devices won't support it.
      DevGuy_z
  • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

    Just another way to sell more hardware...Look at all the security holes in software and who really cares...
    I do very little business over the internet...its a sewer
    proton_z
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @proton_z
      Has nothing to do with buying more hardware. The old stuff will continue to work just fine.
      DevGuy_z
  • As many red herring as grow in the wood

    banning mandating laptops becoming useless.... Although I wholeheartedly support promoting secure standards and reducing the chance of people making poor choices through ignorance, I also recognize that change often creates new problems. That said, many of the concerns voiced here are verging on hogwash

    Only new devices can be affected by such moves - old laptops will still work with old routers/access points, and a new network adapter can always be plugged in if needed. I doubt the computer thought police will search for miscreants clinging to WEP

    and since WEP is virtually useless, why not just turn off encryption... (or is that banned too?)

    I also find it unreasonable that anyone's likely to sit outside my apartment for days at a time waiting for me to enter an important password. It strikes me that this whole question is of far more significance to business than Joe Public, and if they're still using 5 year old laptops with wireless adapters that only support WEP, they've probably got more urgent concerns to address than WiFi security

    and I do recognize the importance of preventing someone using my internet and letting me take the rap for their nefarious deeds
    redking44
    • Bigger than u think.

      @redking44
      Many Joe Public participate in business. If I can gain access to your home wifi via WEP, I stand a good chance at gaining access to your business wifi or at least business information. Some people share passwords and other have confidential docs on their drives.

      You are correct that legacy equipment will still work just fine. Unless very old, laptops should have no problem with WPA2-AES. My wife has an old DELL B130 (PIII) and it works fine with WPA2-AES. Its just that after a while APs and devices will only work with WPA2-AES or whatever comes next.
      DevGuy_z
  • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

    How about that MAC Address secutiry. I have my router set to allow access by MAC. Is that not secure enough?
    prof.ebral
    • No

      @prof.ebral MAC filtering doesn't help you at all "IF" someone is trying to hack your network. MAC filtering does add a layer of complexity, but it is by no means making your network very secure since MAC addresses can easily be spoofed.<br><br><a href="http://en.wikipedia.org/wiki/Wireless_security#MAC_ID_filtering" target="_blank" rel="nofollow">http://en.wikipedia.org/wiki/Wireless_security#MAC_ID_filtering</a>
      Mycah Mason
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @prof.ebral-

      It is not secure enough. Unfortunately, despite the early promises that the MAC would be embedded in ROM, on many (most?) machines, you can rewrite the MAC to any value you want using the right software. So the attacker only needs to do that.

      Now how he figures out that right value is another question: I used to know the answer to that one, but I don't remember. Perhaps by listening in on a successful connection?
      mejohnsn
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @prof.ebral
      Mac addresses can be easily spoofed.
      rengek
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      Even WEP is more secure!
      JeremyBoden
    • RE: Wi-Fi Alliance to dump WEP and TKIP ... not soon enough

      @prof.ebral I can easily spoof MAC addresses with off the shelf equipment - MAC address changing is available on many consumer routers. You think hackers are gonna have a hard time with this?

      No, it's not secure enough.
      CobraA1