TKIP and WEP: Game Over
So the other day I read the following in WiFiNews:
TKIP and WEP won’t be allowed in new devices with the Wi-Fi stamp in a staged elimination over three years starting in 2011.
My first reaction was: “Why did it take so long?” It is well known that WEP is an insecure standard for IEEE 802.11 networks. I’m no security expert, but there’s something I’ve learned in the past 7 years from different sources of information: “Don’t implement WEP on your wireless network”.
According to the post, “While TKIP hasn’t been broken, it has known vulnerabilities, such as a susceptibility to dictionary-based attacks for short keys, and some very clever ways to insert packets through manipulating a flaw in the packet integrity protocol.”
However, it looks like it’s going to take some time to be accomplished:
At the start of 2011, access points will no longer be certified with TKIP as an option by itself, commonly revealed as WPA-PSK, WPA-TKIP, or WPA Personal. Mixed modes, in which an AP can accept either TKIP or AES keys, will still be allowed. But also starting in 2011, manufacturers can opt to ship Wi-Fi hardware preset to use WPA2 out of the box.
In 2012, new Wi-Fi adapters (so-called stations in 802.11 parlance) won’t be allowed to support TKIP.
In 2013, WEP is finally disallowed for APs. While that seems incredibly late, its inclusion is there only for certain categories of legacy devices for which no other option is available.
In 2014, the mixed TKIP/AES mode for access points can no longer be included in certified devices, and WEP cannot be available to new client devices.
As you may also know, 802.11n implements 802.11i security and supports TKIP for those non-AES devices (however, 802.11n with TKIP won’t support data rates higher than 54 Mbps).
While I think this should have been done several years ago and that security standards should walk together with 802.11 innovations (such as 802.11n), I’m also interested in finding out how to meet the point at which new security schemes will not affect 802.11 handoffs as more handshakes and protocols are added in the process.