antdude
Matrix Ant
Premium Member
join:2001-03-25
US

WPA-PSK [TKIP] + WPA2-PSK [AES]?

Hello.

I just got a new Netgear Router R6300 for a family client, installed the latest firmware, and set it up/configured it. So far, it works on both a network cable and wireless to the Internet (a new cable modem).

On 192.168.1.1/WLG_wireless_dual_band.htm for its wireless setup, there are two sections for networks (2.4GHz b/g/n and 5GHz a/n/ac). They both have these security options:
None
WPA-PSK [TKIP]
WPA2-PSK [AES]
WPA-PSK [TKIP] + WPA2-PSK [AES]

Is it safe to use "WPA-PSK [TKIP] + WPA2-PSK [AES]"? After reading the two wireless security FAQs linked in this forum, I am still confused. The router did warn me that using it would not give me full N/AC speeds, which is OK at the moment since none of the family's current wireless devices have that yet.

I find it amusing that WEP is hidden in the first section (2.4 GHz) unless I click on the WPA-PSK [TKIP] option and then click on the speed dialog box's OK button. I thought WEP was completely removed, but "None" is never hidden. Weird design.

Thank you in advance.

SoonerAl
MVM
join:2002-07-23
Norman, OK

Well, of course it's safe as long as you use sufficiently long encryption keys/passwords/pass-phrases. This also depends on your clients, i.e., can they only use WPA, for example, versus WPA2. It's best, obviously, to use WPA2 if at all possible.

FWIW here are my wireless security guidelines for home users.

»theillustratednetwork.mv ··· ity.html

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

Thanks. Passphrases are basically the same as passwords (should be long and not in a pattern).

sbconslt
join:2009-07-28
Los Angeles, CA

1 recommendation

Member

If all client stations support it, you should force WPA2 AES.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

1 recommendation

sbconslt, concur, but as long as you follow SoonerAl's advice about passphrases (I usually blab about a completely random password of 20+ characters using letters, caps and not, numbers and symbols), but of course 48 is better!! I also tend to remind folks the same should be applied to the router password (random, as long as possible).
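An added example, not part of any post in this thread: WPA-PSK and WPA2-PSK both turn the passphrase (8 to 63 printable ASCII characters) into a 256-bit key with PBKDF2-HMAC-SHA1 salted by the SSID, so the randomness of the passphrase is what an offline guess has to beat. The function names and the sample SSIDs are made up for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8..63 printable ASCII characters (0x20..0x7e).
MIN_LEN, MAX_LEN = 8, 63
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_passphrase(length=20):
    """Return a uniformly random passphrase drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"WPA-PSK passphrases must be {MIN_LEN}-{MAX_LEN} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("passphrase length out of range")
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


if __name__ == "__main__":
    phrase = generate_passphrase(20)
    print(phrase, f"{entropy_bits(20):.0f} bits")
    # Same passphrase on two constructed SSIDs gives two different keys.
    print(derive_psk(phrase, "HomeNet-2G"))
    print(derive_psk(phrase, "HomeNet-5G"))
```

Because the SSID is the salt, a precomputed table built for one network name does not carry over to another, but a short or patterned passphrase can still be guessed offline whatever the SSID is.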

sbconslt
join:2009-07-28
Los Angeles, CA

2 recommendations

Member

Considering the history of the attack landscape against wireless access points, brute force per se has actually been an unlikely scenario. The protocols themselves have always been the target.

Aircrack was a statistical attack against predictable factors in the WEP cipher's mode of operation; it involved some brute forcing of large numbers of cipherblocks, but it could not have succeeded if not for weaknesses peculiar to WEP. And the recent Reaver was an attack on a (really stupid) design weakness in WPS, essentially a side channel attack bypassing a passphrase of any strength.

So my point is, concerning wireless security, the priority should be (1) use the right security configuration, (2) choose a strong passphrase, in that order, because that is the priority order of the threat.
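An added example, not written by any poster here: a small audit that checks an access point's settings in the order given in the post above, configuration first and passphrase second. It assumes hostapd-style keys (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wep_key0`, `wps_state`, `wpa_passphrase`) rather than the Netgear R6300's own web UI, and both sample configurations are constructed.

```python
def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Findings in priority order: configuration first, passphrase last."""
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if any(key.startswith("wep_key") for key in conf):
        findings.append("config: WEP key set; WEP is weak at any key length")
    elif wpa == 0:
        findings.append("config: open network, no encryption")
    if wpa & 1:
        findings.append("config: WPA (v1) enabled; use wpa=2 to force WPA2")
    # Only listed ciphers are checked; rsn_pairwise falls back to wpa_pairwise.
    ciphers = conf.get("wpa_pairwise", "").split() if wpa & 1 else []
    if wpa & 2:
        ciphers += conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("config: TKIP offered; allow CCMP (AES) only")
    if conf.get("wps_state", "0") != "0":
        findings.append("config: WPS enabled; it sidesteps the passphrase")
    phrase = conf.get("wpa_passphrase")  # 20 is the figure suggested in this thread
    if phrase is not None and len(phrase) < 20:
        findings.append("passphrase: shorter than 20 characters")
    return findings


# Constructed samples: mixed WPA+WPA2 with WPS on, then WPA2/CCMP only.
MIXED = """
wpa=3
wpa_pairwise=TKIP CCMP
wps_state=2
wpa_passphrase=correct horse
"""
FORCED_WPA2 = """
wpa=2
rsn_pairwise=CCMP
wps_state=0
wpa_passphrase=k7Vq2!mZr9@Lx4$Tn8&Wd3p
"""
print(audit(parse_conf(MIXED)), audit(parse_conf(FORCED_WPA2)))
```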

twixt
join:2004-06-27
North Vancouver, BC

1 recommendation

twixt to antdude

Member

Hi, antdude. Have a look at the following:

»forum.aircrack-ng.org/in ··· c=6002.0

Please note the date of publication.

Also see the information referenced in the posts in that thread.

Then tell me what you think of TKIP.

-

It's been disabled on my machine for years...

-

Hope this helps.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

Thanks. Hmm, I wonder if the old wireless devices, like an old 15" MacBook Pro from 2008, can handle WPA2-PSK [AES]. An iPhone 4S should be OK. I definitely know a Dell Optiplex with its very old D-Link DWL-120+ USB wireless adapter (only does WEP) and W2K SP4 can't. Ugh.