dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed


SoonerAl
Premium,MVM
join:2002-07-23
Norman, OK
kudos:5
reply to antdude

Re: WPA-PSK [TKIP] + WPA2-PSK [AES]?

Well, of course its safe as long as you use sufficiently long encryption keys/passwords/pass-phrases. This also depends on your clients, ie. can they only use WPA for example versus WPA2. Its best, obviously, to use WPA2 if at all possible.

FWIW here are my wireless security guidelines for home users.

»theillustratednetwork.mvps.org/L···ity.html
--
"When all else fails read the instructions..."
MS-MVP Windows Expert - Consumer



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by SoonerAl:

Well, of course its safe as long as you use sufficiently long encryption keys/passwords/pass-phrases. This also depends on your clients, ie. can they only use WPA for example versus WPA2. Its best, obviously, to use WPA2 if at all possible.

FWIW here are my wireless security guidelines for home users.

»theillustratednetwork.mvps.org/L···ity.html

Thanks. Passphrases are basically the same as passwords (should be long and not in a pattern).
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


sbconslt

join:2009-07-28
Los Angeles, CA

1 recommendation

If all client stations support it, you should force WPA2 AES.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 recommendation

sbsonslt, concur but as long as you follow Sooner Als advice about passphrases - (I usually blab about completely random password of +20 characters using letters caps and not, numbers and symbols), but of course 48 is better!! I also tend to remind folks the same should be applied to router password (random as long as possible).



sbconslt

join:2009-07-28
Los Angeles, CA

2 recommendations

Considering the history of the attack landscape against wireless access points, brute force per se has actually been an unlikely scenario. The protocols themselves have always been the target.

Aircrack was a statistical attack against predictable factors in the WEP cipher's mode of operation, it involved some brute forcing of large numbers of cipherblocks but it could not have succeeded if not for weaknesses peculiar to WEP. And the recent Reaver was an attack on a (really stupid) design weakness in WPS, essentially a side channel attack bypassing a passphrase of any strength.

So my point is, concerning wireless security, the priority should be (1) use the right security configuration, (2) choose a strong passphrase, in that order, because that is the priority order of the threat.
--
Scott Brown Consulting