hobbesdkat
join:2007-01-19
Girard, PA

hobbesdkat

Member

Isn't WPA2 recommended? Hard to find!

I am a real newbie when it comes to networking and, while computer literate with software, only marginally with hardware. Recently got satellite internet and would like to set up a wireless network. I keep running into recommendations for WPA2 using AES, which is well and good, but looking at router specs, WPA2 doesn't seem to be that common...only the pre-N ones mainly seem to have it sometimes. And buying pre-N seems to be discouraged since not solidified yet. I'm trying to buy the right thing, but seems like I'm getting mixed messages.....what security protocol would you recommend for a new set-up? I am a home user in the country, so maybe not such a big deal.

GoodPwd
@cox.net

GoodPwd

Anon

WPA requires TKIP and AES is optional. WPA2 requires AES and supports TKIP. WPA and WPA2 are different (even when both are using AES) and do not interoperate. There is no real benefit security wise to WPA2 over WPA. TKIP and AES are both secure if you use a good passphrase. It is much more important to choose a good passphrase - as long as possible and random - than to use WPA2 and AES.
hobbesdkat
join:2007-01-19
Girard, PA

hobbesdkat

Member

I was going by the Wi-Fi alliance's news and also Kim Komando's recommendations. Made it sound like WPA2 is really the way to go if you are buying new. »www.komando.com/tips/ind ··· x?id=296

Nerdtalker
Working Hard, Or Hardly Working?
MVM
join:2003-02-18
San Jose, CA

Nerdtalker

MVM

said by hobbesdkat:

Made it sound like WPA2 is really the way to go if you are buying new.
It is, and that's the honest truth. Ironically, the place to find the "best" certified WPA2 gear is right there on the Wi-Fi Alliance's webpage: »certifications.wi-fi.org ··· x=30&y=6

I see over 900 100% certified WPA2 products. There's gotta be something you're looking for in there!
hobbesdkat
join:2007-01-19
Girard, PA

hobbesdkat

Member

Thank you for that link....I was able to open it. I had previously tried to access this info but am also having a lot of 'can't find server' type messages because of errors in my satellite setup, probably in the existing router [which is prompting me to just go ahead and upgrade my network hopefully to fix it, but you see the vicious cycle to accomplish that] and I couldn't get the pages to come up for me when searching on my own.

Seeing this list, I'm amazed at all the ones that are certified for WPA2, but when I would peruse mfg's or seller's descriptions of the same products (which I did A LOT), no mention was made of WPA2. For instance, the amazon description of the Linksys WRT54GS, which is on the wi-fi list, only says WPA:
»www.amazon.com/Linksys-W ··· -7760455
So, maybe 'enabling' it for WPA2 via firmware upgrading (or something) is possible, but not already present out of box? Anyway, thank you for the list access....now to figure out what I should get for a wireless satellite network, which I know would be more for a different forum. I will look through first. Knowing how iffy network setting up 'can' be, I can see I need hand-holding, I guess.
michaelr7
join:2004-03-26
Tucson, AZ

michaelr7 to Nerdtalker

Member

to Nerdtalker
quote:
It is,
Why? I have never seen any analysis showing WPA2 is better from a performance or security viewpoint than WPA. What benefits are there to WPA2 over WPA?
michaelr7

michaelr7 to hobbesdkat

Member

to hobbesdkat
quote:
but when I would peruse mfg's or seller's descriptions of the same products (which I did A LOT), no mention was made of WPA2.
Probably because there is no benefit to WPA2 for the average user. It wouldn't sell the product but could cause confusion.

Nerdtalker
Working Hard, Or Hardly Working?
MVM
join:2003-02-18
San Jose, CA

Nerdtalker to michaelr7

MVM

to michaelr7
said by michaelr7:

Why? I have never seen any analysis showing WPA2 is better from a performance or security viewpoint than WPA. What benefits are there to WPA2 over WPA?
Aha, inquisitive! Well, the differences aren't readily apparent to the consumer, but WPA2 basically implements the full 802.11i spec, instead of the subsetted functionality that WPA offered. WPA (while still very solid, and polished) isn't nearly as polished as WPA2.

As well, you always know that WPA2 gear supports AES, whereas WPA and WEP both only required TKIP, and WPA offered optional AES support.

To be painfully honest, if you're just interested in securing your home network with a simple pre-shared key, WPA and WPA2 are going to do the same thing equally as well.

el scorcho
Cupid Stunt
join:2000-12-01
Brooklyn, NY

el scorcho to hobbesdkat

Member

to hobbesdkat
additionally you can purchase a run-of-the-mill Buffalo or Netgear wireless router and flash it with third-party firmwares that enable/include WPA2 encryption. i have done this to both my home and work connections and they work great.
michaelr7
join:2004-03-26
Tucson, AZ

michaelr7 to Nerdtalker

Member

to Nerdtalker
quote:
Well, the differences aren't readily apparent to the consumer, but WPA2 basically implements the full 802.11i spec, instead of the subsetted functionality that WPA offered.
While nice this doesn't answer the questions I ask. Why is WPA2 better for performance or security than WPA? Meeting an IEEE spec is nice but not necessarily beneficial. (not arguing here - just looking for reasons to care about WPA2 vs WPA.)

Nerdtalker
Working Hard, Or Hardly Working?
MVM
join:2003-02-18
San Jose, CA

Nerdtalker

MVM

said by michaelr7:

Why is WPA2 better for performance or security than WPA?
That's just it, assuming that WPA(1) gear you're talking about already includes the optional AES encryption scheme, the two are going to be virtually identical in terms of both performance and security in a home environment.

If you're using WPA(1) with just TKIP, WPA2 (with AES in use) is inherently more secure. In practice, however, I regard them both as equally as secure, since all present vulnerabilities attack the PSK weaknesses, and not the spec itself. WPA2 is supposed to offer the full suite of the IEEE's spec (as I already noted), instead of a subset. It basically is just more compatible and versatile in environments with more sophisticated means of authentication (not PSKs).
michaelr7
join:2004-03-26
Tucson, AZ

michaelr7

Member

quote:
more sophisticated means of authentication (not PSKs).
All EAP methods are used with WPA now. For my curiosity what additions does WPA2 offer?

Many people feel AES is more secure than TKIP but there is no evidence to support this. Of course who knows what the future will bring - attacks could be developed against either one.

WPA vs WPA2 reminds me of ethernet vs the IEEE 802.2 LLC/SNAP format for transmitting IP.

Nerdtalker
Working Hard, Or Hardly Working?
MVM
join:2003-02-18
San Jose, CA

Nerdtalker

MVM

said by michaelr7:

Many people feel AES is more secure than TKIP but there is no evidence to support this. Of course who knows what the future will bring - attacks could be developed against either one.
Yeah, exactly. I've even read some router documentation (which I consider false), that asserted TKIP was stronger.

I just searched randomly, and found some interesting stuff:
said by »seclists.org/firewall-wi ··· 140.html :

Comparing TKIP and AES is similar to comparing apples
and oranges. One is a key mgt protocol (okay -- it is now
called a 'data confidentiality protocol'), the other (AES)
is an encryption method. You should compare AES with
DES (and triple-DES).

TKIP (Temporal Key Integrity Protocol) is a key management
protocol. It deals with how the symmetric 'session' key
or keys are initially created, changed over time, etc.

TKIP is not used in WPA2 except in backwards compatible
WPA mode by APs to support legacy WPA/TKIP clients. WPA2
in native mode uses CCMP (Counter-Mode/CBC-MAC Protocol)
as a 'data confidentiality' method instead of TKIP.

AES (Advanced Encryption System) is a variable bit
length symmetric digital encryption algorithm. It was
selected by NIST to replace DES as the symmetric
encryption scheme of choice for electronic transactions
and is based on Rijndael. It is one of the major changes
between WPA and WPA2/802.11i and often requires a
hardware upgrade to access points in order to accommodate it.
I find this documentation (he links to) even more insightful: »www.embedded.com/showArt ··· 34400002 Pretty good reading IMO.
michaelr7
join:2004-03-26
Tucson, AZ

michaelr7

Member

Excellent document. Thank you for the link.

Nerdtalker
Working Hard, Or Hardly Working?
MVM
join:2003-02-18
San Jose, CA

Nerdtalker

MVM

said by michaelr7:

Excellent document. Thank you for the link.
No, thank you, it forced me to do some good reading into the differences between the two. I learned a lot, actually!

Hey, this is OT, but that snow we had today was amazing! I'm happy I didn't have to cross the Campbell bridge at River, that would've just made my morning.