"The 802.11b standard supports two means of client authentication between the wireless NIC and the AP: open and shared key authentication. Open key authentication involves supplying the correct SSID. With shared key authentication, the AP sends the client device a challenge text packet that the client must then encrypt with the correct WEP key and return to the AP. If the client has the wrong key or no key, authentication will fail and the client will not be allowed to associate with the AP. Shared key authentication is not considered secure, because a hacker who detects both the clear-text challenge and the same challenge encrypted with a WEP key can decipher the WEP key. With open key authentication, even if a client can complete authentication and associate with an AP, the use of WEP prevents the client from sending data to and receiving data from the AP, unless the client has the correct WEP key."

In the 802.11 standard, a device first Authenticates to the AP, and then Associates. The original designers intended that there would be a number of different Authentication methods to control who could use an AP. In the 1999 version of the standard, 2 Authentication methods are defined: Open and Shared. In Open, any device can Authenticate to the AP. In Shared, only devices with the WEP key can successfully Authenticate. Sounds good so far...

The problem with Authenticate is that, where it is in the process of establishing connectivity, none of the higher-level protocols, like 802.1X, can be run inside of the Authenticate 802.11 frames. So 802.11i does not use it, just uses Open Authenticate.

Shared Authenticate has a serious flaw, in that it is a simple challenge/response protocol. This design is very open to offline dictionary attacks. A WEP key would easily be exposed. Additionally, even in Open Authentication, a device that did not have the WEP key would not be able to communicate via the AP, as the AP would discard all data packets from the device.

Bottom line: Shared Authentication does not add any security, and may weaken your security. Don't bother with it.
A user or client, also called an end or mobile station, must authenticate before associating with an Access Point (AP), or broadband Wi-Fi router, and gaining access to the Wi-Fi Local Area Network (LAN). The IEEE* (Institute of Electrical and Electronics Engineers, Inc.) 802.11 standard defines two link-level types of authentication: Open System and Shared Key.

Open System Authentication

Open system authentication simply consists of two communications. The first is an authentication request by the client that contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP/router configuration.

WPA2 (Wi-Fi Protected Access 2)*

WPA2 is a security enhancement to WPA. The two are not interoperable, so a user must ensure the client station and AP/router are configured using the same WPA version and pre-shared key (PSK).