
DIFFERENCE BETWEEN WEP AUTHENTICATION WITH OPEN, SHARED AND AUTO: Discussion Forum 1:

"The 802.11b standard supports two means of client authentication between the wireless NIC and the AP: open and shared key authentication. Open key authentication involves supplying the correct SSID. With shared key authentication, the AP sends the client device a challenge text packet that the client must then encrypt with the correct WEP key and return to the AP. If the client has the wrong key or no key, authentication will fail and the client will not be allowed to associate with the AP. Shared key authentication is not considered secure, because a hacker who detects both the clear-text challenge and the same challenge encrypted with a WEP key can decipher the WEP key. With open key authentication, even if a client can complete authentication and associate with an AP, the use of WEP prevents the client from sending data to and receiving data from the AP, unless the client has the correct WEP key."

In the 802.11 standard, a device first Authenticates to the AP, and then Associates. The original designers intended that there would be a number of different Authentication methods to control who could use an AP. In the 1999 version of the standard, 2 Authentication methods are defined: Open and Shared. In Open, any device can Authenticate to the AP. In Shared, only devices with the WEP key can successfully Authenticate. Sounds good so far...

The problem with Authenticate is that where it is in the process of establishing connectivity, none of the higher-level protocols, like 802.1X, can be run inside of the Authenticate 802.11 frames. So 802.11i does not use it, just uses Open Authenticate.

Shared Authenticate has a serious flaw, in that it is a simple challenge/response protocol. This design is very open to offline dictionary attacks. A WEP key would easily be exposed. Additionally, even in Open Authentication, a device that did not have the WEP key would not be able to communicate via the AP, as the AP would discard all data packets from the device.

Bottom line: Shared Authentication does not add any security, and may weaken your security. Don't bother with it.

What are IEEE* 802.11 Wi-Fi open and shared authentication?

A user or client, also called an end or mobile station, must authenticate before associating with an Access Point (AP), or broadband Wi-Fi router, and gaining access to the Wi-Fi Local Area Network (LAN). The IEEE* (Institute of Electrical and Electronics Engineers, Inc.) 802.11 standard defines two link-level types of authentication: Open System and Shared Key.

Open System Authentication

Open system authentication simply consists of two communications. The first is an authentication request by the client that contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP/router configuration.

Shared Key Authentication


Shared key authentication relies on the fact that both stations taking part in the authentication process have the same "shared" key or passphrase. The shared key is manually set on both the client station and the AP/router. Three types of shared key authentication are available today for home or small office WLAN environments.

Wired Equivalent Privacy (WEP)

WEP is not recommended for a secure WLAN due to its inherent weaknesses. One of the main security risks is that a hacker can capture the encrypted form of an authentication response frame, using widely available software applications, and use the information to crack WEP encryption. The process consists of an authentication request from the client, clear challenge text from the AP/router, encrypted challenge text from the client and an authentication response from the AP/router.

Two levels for WEP keys/passphrases:

1. 64-bit: 40 bits dedicated to encryption and 24 bits allocated to Initialization Vector (IV). It may also be referred to as 40-bit WEP.
2. 128-bit: 104 bits dedicated to encryption and 24 bits allocated to Initialization Vector (IV). It may also be referred to as 104-bit WEP.

WPA (Wi-Fi Protected Access)*

WPA was developed by the Wi-Fi Alliance* (WFA) prior to full ratification of IEEE 802.11i, but it complies with the wireless security standard. It is a security enhancement that strongly increases the level of data protection and access control (authentication) to a wireless network. WPA enforces IEEE 802.1X authentication and key-exchange and only works with dynamic encryption keys. Users might see different naming conventions for WPA in a home or small-office environment. Examples are WPA-Personal, WPA-PSK, WPA-Home, etc. In any event, a common pre-shared key (PSK) must be manually configured on both the client and AP/router.

WPA2 (Wi-Fi Protected Access 2)*

WPA2 is a security enhancement to WPA. The two are not interoperable, so a user must ensure the client station and AP/router are configured using the same WPA version and pre-shared key (PSK).
