
mystiky2

join:2009-01-05
Brooklyn, NY

[Wireless] Using WPA2 with Linksys WRT300N router - help

I have a WRT300N router, version 1.1 using the latest firmware (Firmware Version: v1.51.2).

I want to start using WPA2 Personal (or WPA Personal) encryption for my wireless connections around the house (both of my laptops fully support them), but when I started to set up I saw the following mandatory entry for both:

"Key Renewal" - which must be set somewhere between 600-7200 seconds.

Now, what does this exactly mean? Does it mean that even if I set the parameter to 7200 seconds, that the passphrase will need to be changed every 7200 seconds?

I want top security, but I want the two laptops to always stay connected to my network and not have to re-enter a new passphrase every 7200 seconds.

Or am I misunderstanding something?

All input and help is appreciated. BTW: I am currently running WEP 128-bit encryption with 26 hex characters.



Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

3 edits

1 recommendation

The short answer is no worry. Your passphrase is valid forever.

The long answer is...

Think of that passphrase like a password. WPA then securely uses changing session keys you never have to worry about. THESE keys are what's changing. Most set 1800 (30 minutes) or 3600 seconds (1 hour). One of those should be default I think.

For *top* security use a loooooong gibberish passphrase. Nothing from a dictionary. Many use: www.grc.com/passwords.htm. These take the age of the universe to crack by guessing.

The only (known) vulnerability of WPA is "guessing". That's why dictionary words are far less secure.

And congrats on getting off WEP. It's been badly broken for quite a while. WPA has some tiny cracks but still very very strong.

HTH
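
An added example, not part of the original thread: the WPA/WPA2-Personal key hierarchy in Python, showing that the passphrase only produces a fixed master key (PMK) while each connection gets a different session key (PTK) from fresh nonces. The MAC addresses and the function names are constructed for illustration; the passphrase/SSID pair is the published IEEE 802.11i test vector.

```python
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1 blocks, truncated to `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    """Pairwise session key: 48 bytes for AES/CCMP, 64 for TKIP."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, length)


def new_session(pmk, ap_mac, sta_mac):
    """One 4-way handshake: router and laptop each supply a fresh 32-byte nonce."""
    return derive_ptk(pmk, ap_mac, sta_mac, os.urandom(32), os.urandom(32))


def new_group_key() -> bytes:
    """Group key (GTK): random, made by the router and re-issued on a timer."""
    return os.urandom(16)


if __name__ == "__main__":
    ap = bytes.fromhex("001122334455")   # constructed router MAC
    sta = bytes.fromhex("66778899aabb")  # constructed laptop MAC
    pmk = derive_pmk("password", "IEEE")  # IEEE 802.11i test-vector inputs
    print("PMK (never changes):", pmk.hex())
    for n in (1, 2):
        print(f"session {n} PTK:", new_session(pmk, ap, sta).hex())
    print("group key before renewal:", new_group_key().hex())
    print("group key after renewal: ", new_group_key().hex())
```

The 4096 PBKDF2 iterations are also the cost an attacker pays for every passphrase guess, which is why a long random passphrase holds up and a dictionary word does not.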


mystiky2

join:2009-01-05
Brooklyn, NY

4 edits

Hi -- thanks so MUCH for the reply and the explanation.

I chose:

WPA2 - Personal, using TKIP or AES (as AES doesn't work for some older devices) and set the Key Renewal to 3600 seconds.

This was really easy to set up, and thanks for that link that generates those crazy passcodes.

Does it look good for you?



Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

1 edit

It looks great but you did say "top security". TKIP is very good but AES is state-of-the-art... if you can use it of course.

Good Luck!


mystiky2

join:2009-01-05
Brooklyn, NY

I noticed that since I have set it to "TKIP or AES" that my old IBM T43 laptop displays my wireless encryption as "WPA", while the much newer HP laptop displays it as "WPA2". I guess that the WRT300N is smart enough to know to use AES if it is supported and if not, send the TKIP signal.



Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

You're getting into the finer parts of "WPA" and "WPA2".

TKIP is specifically a stop-gap measure that older WEP hardware can do with firmware changes. At least that was the goal - the industry wanted to get all they could from old chips I guess.

To make matters worse, much of this stuff was pre-released and incompatibility abounds.

"WPA2" must include the newer AES (which is really part of CCMP but rarely called that) but also includes the TKIP from "WPA". So the confusion you see is understandable since TKIP is more associated with "WPA".

RC4 / TKIP (started in WPA)
AES / CCMP (started in WPA2)

The encryption / protocol list is above. Why they refer to TKIP (a protocol) vs. AES (an encryption) is a strange combo everyone is simply doing that makes little sense. Hard to keep track without a scorecard.


jbibe
Premium,MVM
join:2001-02-22

1 edit

said by Bill_MI:

Why they refer to TKIP (a protocol) vs. AES (an encryption) is a strange combo everyone is simply doing that makes little sense.

My guess: The original AES-based proposal for 802.11i was WRAP. It was replaced by CCMP when the design team discovered potential patent problems. While WRAP and CCMP were being debated, the method became known as AES rather than AES-WRAP or AES-CCMP. WRAP is interesting because it requires about half the computing power of CCMP.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

3 edits

Hiya jb and thanks for the additional which sounds quite feasible. WRAP is a new one on me. I had always figured AES, which was the ultimate winner of an encryption contest (I forget for what), was simply the "star of the show" so got top billing.

The selection should be between TKIP and CCMP. But with CCMP called AES by so many - no one is gonna change it now.

And WEP and TKIP both use RC4, which isn't a bad encryption algorithm. It's just that TKIP was designed with RC4 correctly and WEP wasn't. I think it was the hardware RC4 modules that prompted TKIP to be able to use that same hardware.