WEP and TKIP Wi-Fi encryption methods to be discontinued

The Wi-Fi Alliance (WFA) trade group tests Wi-Fi devices for their conformity with the IEEE standards and for their interoperability. The certificate ("Wi-Fi certified") issued for devices which pass the test is to ensure that devices sold by different vendors can co-operate. Over the coming three years, the outdated WEP and WPA-TKIP Wi-Fi encryption methods are to be removed from the WFA's test schedule. The IEEE standards association had already put the WEP standard, which is known to be unsafe, on its hit list in 2004 and intends to add the vulnerable TKIP standard soon.

As early as January of 2011, the WFA plans to disallow TKIP for new access points (APs); from 2012, the obsolete standard is to be disallowed in all Wi-Fi devices. For WEP, the bell will toll a little later: From 2013, access points (APs) will no longer be allowed to offer WEP, and a year later the standard will be disallowed in all Wi-Fi devices. In addition, the WPA2-Mixed mode, in which access points are allowed to offer TKIP for secondary encryption, will be removed in 2014. Only WPA2-AES is to be permissible from then on.

Incomprehensibly, the WFA couldn't bring itself to stipulate that vendors use a secure standard configuration in which Wi-Fi access points are factory-set to use WPA2-AES with individual keys. Unencrypted APs continue to be permissible, although the WFA has long established Wi-Fi Protected Set-up (WPS) as a simple way of transmitting Wi-Fi settings at the push of a button or by entering a PIN.

Wi-Fi routers that are factory-set to encrypted mode will, therefore, probably remain the exception. Although according to a Wi-Fi ruling by the German Supreme Court (BGH), even security-enabled routers should be given their own Wi-Fi key for added security.

(crve)