dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
26636
share rss forum feed


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

1 edit

WPA-PSK [TKIP] + WPA2-PSK [AES]?

Hello.

I just got, installed the latest firmware, set up/configured, and a new Netgear Router R6300 for a family client. So far, it works on both a network cable and wireless to the Internet (a new cable modem).

On 192.168.1.1/WLG_wireless_dual_band.htm for its wireless setup, there are two sections for networks (2.4GHz b/g/n and 5GHz a/n/ac). They both have these security options:
None
WPA-PSK [TKIP]
WPA2-PSK [AES]
WPA-PSK [TKIP] + WPA2-PSK [AES]

Is it safe to use "WPA-PSK [TKIP] + WPA2-PSK [AES]"? After reading the two wireless security FAQs linked in this forum, I am still confused. Router did warn me that using it would not give me full N/AC speeds which is OK at the moment since no current family's wireless devices have that yet.

I find it amusing that WEP is hidden in the first section (2.4 GHz) unless I click on WPA-PSK [TKIP] option, click on the speed dialog box's OK button. I thought WEP was completely removed, but "None" is never hidden. Weird design.

Thank you in advance.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.



SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5

Well, of course its safe as long as you use sufficiently long encryption keys/passwords/pass-phrases. This also depends on your clients, ie. can they only use WPA for example versus WPA2. Its best, obviously, to use WPA2 if at all possible.

FWIW here are my wireless security guidelines for home users.

»theillustratednetwork.mvps.org/L···ity.html
--
"When all else fails read the instructions..."
MS-MVP Windows Expert - Consumer



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by SoonerAl:

Well, of course its safe as long as you use sufficiently long encryption keys/passwords/pass-phrases. This also depends on your clients, ie. can they only use WPA for example versus WPA2. Its best, obviously, to use WPA2 if at all possible.

FWIW here are my wireless security guidelines for home users.

»theillustratednetwork.mvps.org/L···ity.html

Thanks. Passphrases are basically the same as passwords (should be long and not in a pattern).
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


sbconslt

join:2009-07-28
Los Angeles, CA

1 recommendation

If all client stations support it, you should force WPA2 AES.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 recommendation

sbsonslt, concur but as long as you follow Sooner Als advice about passphrases - (I usually blab about completely random password of +20 characters using letters caps and not, numbers and symbols), but of course 48 is better!! I also tend to remind folks the same should be applied to router password (random as long as possible).



sbconslt

join:2009-07-28
Los Angeles, CA

2 recommendations

Considering the history of the attack landscape against wireless access points, brute force per se has actually been an unlikely scenario. The protocols themselves have always been the target.

Aircrack was a statistical attack against predictable factors in the WEP cipher's mode of operation, it involved some brute forcing of large numbers of cipherblocks but it could not have succeeded if not for weaknesses peculiar to WEP. And the recent Reaver was an attack on a (really stupid) design weakness in WPS, essentially a side channel attack bypassing a passphrase of any strength.

So my point is, concerning wireless security, the priority should be (1) use the right security configuration, (2) choose a strong passphrase, in that order, because that is the priority order of the threat.
--
Scott Brown Consulting


twixt

join:2004-06-27
North Vancouver, BC

1 recommendation

reply to antdude

said by antdude:

Hello.

I just got, installed the latest firmware, set up/configured, and a new Netgear Router R6300 for a family client. So far, it works on both a network cable and wireless to the Internet (a new cable modem).

On 192.168.1.1/WLG_wireless_dual_band.htm for its wireless setup, there are two sections for networks (2.4GHz b/g/n and 5GHz a/n/ac). They both have these security options:
None
WPA-PSK [TKIP]
WPA2-PSK [AES]
WPA-PSK [TKIP] + WPA2-PSK [AES]

Is it safe to use "WPA-PSK [TKIP] + WPA2-PSK [AES]"? After reading the two wireless security FAQs linked in this forum, I am still confused. Router did warn me that using it would not give me full N/AC speeds which is OK at the moment since no current family's wireless devices have that yet.

I find it amusing that WEP is hidden in the first section (2.4 GHz) unless I click on WPA-PSK [TKIP] option, click on the speed dialog box's OK button. I thought WEP was completely removed, but "None" is never hidden. Weird design.

Thank you in advance.

-

Hi, antdude. Have a look at the following:

»forum.aircrack-ng.org/index.php?topic=6002.0

Please note the date of publication.

Also see the information referenced in the posts in that thread.

Then tell me what you think of TKIP.

-

It's been disabled on my machine for years...

-

Hope this helps.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by twixt:

said by antdude:

Hello.

I just got, installed the latest firmware, set up/configured, and a new Netgear Router R6300 for a family client. So far, it works on both a network cable and wireless to the Internet (a new cable modem).

On 192.168.1.1/WLG_wireless_dual_band.htm for its wireless setup, there are two sections for networks (2.4GHz b/g/n and 5GHz a/n/ac). They both have these security options:
None
WPA-PSK [TKIP]
WPA2-PSK [AES]
WPA-PSK [TKIP] + WPA2-PSK [AES]

Is it safe to use "WPA-PSK [TKIP] + WPA2-PSK [AES]"? After reading the two wireless security FAQs linked in this forum, I am still confused. Router did warn me that using it would not give me full N/AC speeds which is OK at the moment since no current family's wireless devices have that yet.

I find it amusing that WEP is hidden in the first section (2.4 GHz) unless I click on WPA-PSK [TKIP] option, click on the speed dialog box's OK button. I thought WEP was completely removed, but "None" is never hidden. Weird design.

Thank you in advance.

-

Hi, antdude. Have a look at the following:

»forum.aircrack-ng.org/index.php?topic=6002.0

Please note the date of publication.

Also see the information referenced in the posts in that thread.

Then tell me what you think of TKIP.

-

It's been disabled on my machine for years...

-

Hope this helps.

Thanks. Hmm, I wonder if the old wireless devices can handle WPA2-PSK [AES] like an old 15" MacBook Pro from 2008. An iPhone 4S should be OK. I definitely know a Dell Optiplex with its very old D-Link DWL-120+ USB wireless adapter can't (only does WEP) and W2K SP4. Ugh.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.