

RezaH

@nrockv01.md.comcast.

WPA TKIP or AES?

I've read a couple articles about WPA, and they don't seem to mention which is the better. My router gives the option for TKIP or AES. Which is more secure/doesn't slow down the transfer rate as much?


DoC_DaR

join:2004-05-22
Middleburg, FL

Linksys WRT54GS v2.0 stats show that AES has 0 overhead where TKIP and WEP both take a toll. This would be because WEP and TKIP are software driven and AES is hardware driven. Also AES is said to be more secure but TKIP is also very secure.



flw
Security Is Like An Onion, It Has Layers
Premium
join:2004-01-04

said by DoC_DaR:

Linksys WRT54GS v2.0 stats show that AES has 0 overhead where TKIP and WEP both take a toll. This would be because WEP and TKIP are software driven and AES is hardware driven. Also AES is said to be more secure but TKIP is also very secure.
Even in unencrypted packets there is overhead. AES (is not a wifi standard) I assume you mean either WPA2 or WPA-PSK and WEP/TKIP both have overhead. WPA2 requires a lot more processing power due to this, which is why most AP units cannot be software upgraded, as they cannot handle the overhead and encryption/decryption.

MOST OVERHEAD: So for overhead WPA-Radius or WPA-PSK has the most overhead which is why it requires a more powerful AP processor/chipsets and memory.

LEAST OVERHEAD: WEP has the least overhead even with TKIP to an upgraded key management protocol.

Due to current speeds of hardware, overhead is much less noticeable to the user than in the past. This is unless you're doing large file transfers regularly or video streaming.

Even then, depending on your type of connection to the Internet, the weakest link (slowest link) all the above may make all this a moot point, since your speed on the net is slowed down below your internal network speed. Then it would make no difference at all.

Now which is more secure, that is simple.

1. WPA w/Radius Server
2. WPA w/pre-shared key
3. WEP w/any add on security features turned on.

Note:

1. All must be configured properly or the list can change.
2. WEP uses RC4 stream very fast cipher from RSA and TKIP.
3. WPA2 or 802.11i uses several methods from AES-CCMP and TKIP. See below for more.

From: »www.openxtra.co.uk/

WPA2

The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely.

In addition IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP.

Weak IV values are susceptible to attack. WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex.

Master Keys are never used directly in WPA, unlike WEP. A hierarchy of keys is used, all derived from the Master. Cryptographically this is a much more secure practice.

Secure key management is built-in to WPA, so key management isn't an issue with WPA like WEP.

Message integrity checking is ineffective in WEP message integrity. WPA uses a Message Integrity Check (MIC) called, Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Michael comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.
--
"Keep your friends close and your enemies even closer" »www.byronil.org

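The receive-side order of checks described in the passage quoted in the post above (sequence counter first, then the MIC, then countermeasures), as an added example that is not part of the original thread. It is a simplified model: the MIC is a truncated HMAC standing in for Michael, the 60-second countermeasure window comes from 802.11i rather than from the page, and the class name, key and address are constructed for illustration.

```python
import hashlib
import hmac

MIC_FAIL_WINDOW = 60.0   # seconds; 802.11i countermeasure window (not stated on the page)
TSC_MAX = 2**48 - 1      # 48-bit TKIP Sequence Counter

class TkipReceiverModel:
    """Simplified receive path: TSC replay check first, then the MIC."""
    def __init__(self, mic_key):
        self.mic_key = mic_key
        self.last_tsc = {}            # sender -> highest TSC accepted so far
        self.last_mic_failure = None  # time of the previous MIC failure
        self.blocked_until = 0.0

    def _mic(self, sender, payload):
        # Stand-in for Michael (assumption): truncated HMAC, same 64-bit tag size.
        msg = sender.encode() + payload
        return hmac.new(self.mic_key, msg, hashlib.sha256).digest()[:8]

    def seal(self, sender, tsc, payload):
        return (tsc, payload, self._mic(sender, payload))

    def receive(self, sender, frame, now):
        tsc, payload, mic = frame
        if now < self.blocked_until:
            return "blocked"
        if not 0 <= tsc <= TSC_MAX or tsc <= self.last_tsc.get(sender, -1):
            return "replay"           # dropped before the MIC is even looked at
        if not hmac.compare_digest(mic, self._mic(sender, payload)):
            prev, self.last_mic_failure = self.last_mic_failure, now
            if prev is not None and now - prev <= MIC_FAIL_WINDOW:
                self.blocked_until = now + MIC_FAIL_WINDOW  # countermeasure
            return "mic_failure"
        self.last_tsc[sender] = tsc   # counter advances only for verified frames
        return "accepted"

def demo():
    rx = TkipReceiverModel(b"constructed-mic-key")
    sta = "02:00:00:00:00:01"         # constructed sender address
    f1, f2 = rx.seal(sta, 1, b"hello"), rx.seal(sta, 2, b"world")
    return [
        rx.receive(sta, f1, 0.0),                     # fresh frame
        rx.receive(sta, f1, 1.0),                     # same TSC again
        rx.receive(sta, (3, b"w0rld", f2[2]), 2.0),   # altered payload
        rx.receive(sta, f2, 3.0),                     # TSC 2 still valid
        rx.receive(sta, (4, b"w0rld", f2[2]), 10.0),  # second MIC failure
        rx.receive(sta, rx.seal(sta, 5, b"x"), 20.0),
        rx.receive(sta, rx.seal(sta, 5, b"x"), 71.0),
    ]
```
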

DoC_DaR

join:2004-05-22
Middleburg, FL

Let me clarify. I am aware of the fact that overhead exists in all PC communication. See the OSI model for true clarification. What I was referring to was a speed test on a wrt54g router where aes (wpa2-psk) had 0 additional overhead when compared to no security in the same router. 15% overhead when using wep and 17% overhead when using tkip (wpa-psk). This is due to wpa2 being hardware driven. The most secure, as you stated, requires more hardware and configuration than most will set up at home.



DoC_DaR

join:2004-05-22
Middleburg, FL

Got wep wrong. Wep penalty is 10%, wpa-psk tkip 17%, wpa-psk aes is virtually 0. See »www.tomsnetworking.com/Reviews-1···GS-8.php The original question only asked wpa-psk aes or tkip. This is my answer to that question.



janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL

reply to RezaH
AES is more secure. I don’t know what the relative overhead is.
--
Jim Anderson


Tom Mc

join:2004-06-17

reply to RezaH
AES appears the most secure.

I don't know about local file sharing (which I choose not to do), but for Internet downloading with my Road Runner cap of 5mbs, there has been no loss of speed using AES on my P4M 2.0ghz laptop.



flw
Security Is Like An Onion, It Has Layers
Premium
join:2004-01-04

reply to RezaH
Seems many are hung up on AES vs WPA which is not comparable. Why? Because the cipher type and strength is only one of several aspects that lead to overhead and strength of any complete protocol for wifi.

You need to compare WEP VS WPA VS WPA2/802.11i. This includes various different cipher types, key handling methods, different authentication methods, and some with completely different hardware requirements as well as possible add on hardware (like a Radius Server either part of the AP or separate server).

The comparison above is like comparing a bone from one of your toes with your entire body. Not apple to apple but apple to a leaf.

AES is not more secure than WEP. AES is a stronger cipher than RC4, plain and simple. That's an apples to apples comparison.


Tom Mc

join:2004-06-17

reply to RezaH
In my WRT54G router (and I suspect many (or most) others), the options are WEP or WPA, with WPA having two sub-options of TKIP and AES. So, I think this is why people generally ask the reasonable question of which is better: TKIP or AES; it is widely understood that WPA is better than WEP. In reference to such questions, the answer is AES.


pepperxn

join:2001-02-21

reply to RezaH
AES is more secure. AES is done using hardware, while TKIP is done using software, so there's less overhead using AES. How secure is AES? The NSA uses AES for top secret files. They have to use at least AES-128 for secret information, and at least AES-192 (to 256) for top secret information. It's that secure.

WPA TKIP was taken from a snapshot of the incomplete 802.11i standard. In the final 802.11i standard (also called WPA2) AES is used.



DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA

said by pepperxn:

AES is more secure. AES is done using hardware, while TKIP is done using software, so there's less overhead using AES. How secure is AES? The NSA uses AES for top secret files. They have to use at least AES-128 for secret information, and at least AES-192 (to 256) for top secret information. It's that secure.

WPA TKIP was taken from a snapshot of the incomplete 802.11i standard. In the final 802.11i standard (also called WPA2) AES is used.
The issue that many people have with AES is the fact that NSA designed the cipher. I am not one of those people.

It is also worth pointing out that NSA uses other "proprietary" ciphers when it feels that is required.
--
How can I improve my WiFi signal?

Tom Mc

join:2004-06-17

said by DaDogs:

The issue that many people have with AES is the fact that NSA designed the cipher. I am not one of those people.

It is also worth pointing out that NSA uses other "proprietary" ciphers when it feels that is required.
The NSA did not design AES. See »tinyurl.com/a8buv


DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA

said by Tom Mc:

said by DaDogs:

The issue that many people have with AES is the fact that NSA designed the cipher. I am not one of those people.

It is also worth pointing out that NSA uses other "proprietary" ciphers when it feels that is required.
The NSA did not design AES. See »tinyurl.com/a8buv
What do you know? I should have studied up on that one. I guess it is not authorized for classified information either as was claimed elsewhere in this thread.
--
How can I improve my WiFi signal?


Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ

said by DaDogs:

I guess it is not authorized for classified information either as was claimed elsewhere in this thread.
I'm not sure about how recently updated that page is. It says 2001 at the bottom.

said by »www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf :

(6) The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.
I'm pretty sure the NSA approved it sometime in 2003.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn

I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 8800+ messages currently using 268 MB (11%) of my 2442 MB

B
Premium,MVM
join:2000-10-28

It was a whole publicly held contest among cryptographers -- I think the eventual product was to be called AES regardless of the actual cipher that won.

Schneier gave some interesting running commentary during the contest, even though his own entry eventually lost. Just Google it or hit »www.schneier.com . The current AES is actually "Rijndael".

-- B
--
In a realm outside causality and function


DabberDan

join:2004-11-15
Gatineau, ON
Reviews:
·NBTel now Aliant

1 edit

The built in WIFI adapter in my laptop has this choice from a list: WPA2 Personal / AES-CCMP.

This would indicate that I'm able to do 802.11i right?
»www.techweb.com/encyclopedia/def···AES-CCMP

Is it safe to assume that consumer products at the moment are able to do 802.11i?

At the moment, I have my ISP's modem that has an integrated WIFI router. It has WPA /AES as an option, but I cannot make it work. Plus, the ISP only supports WEP. My plan is to buy a consumer WIFI router that enables 802.11i... this make sense?



jeisenberg
New Year's Eve

join:2001-07-06
Windsor, ON
Reviews:
·Cogeco Cable

said by DabberDan:

The built in WIFI adapter in my laptop has this choice from a list: WPA2 Personal / AES-CCMP.

This would indicate that I'm able to do 802.11i right?
»www.techweb.com/encyclopedia/def···AES-CCMP

Is it safe to assume that consumer products at the moment are able to do 802.11i?

At the moment, I have my ISP's modem that has an integrated WIFI router. It has WPA /AES as an option, but I cannot make it work. Plus, the ISP only supports WEP. My plan is to buy a consumer WIFI router that enables 802.11i... this make sense?
The whole encryption issue is independent of the ISP and the modem - so there's no such thing as saying "the ISP only supports WEP". Encryption is something that is implemented between the Access Point (be it an AP or a wireless router) and the wireless node. The encryption is designed to make the radio signal difficult to intercept and decode. By the time the signal gets to the modem/ISP equipment, it is already in the form of packets. The packets may be "in the clear" or encrypted with SSL or other security protocols - but this is independent of the WEP/WPA/WPA2/AES jargon that is associated with WIFI.

In general, when determining what protocols and security levels are supported at your end, that is based on the version of the hardware and firmware of your router, AP, and wireless node. That information is usually available from the vendor's site, or from knowledgeable users in forums such as these.

B
Premium,MVM
join:2000-10-28


I interpreted him or her to be saying that his or her ISP would only provide tech support, on that modem/router/AP supplied by the ISP, for users of the WEP protocol, and no other security features of that ISP-owned device.

Which, if true, is insane, on the ISP's part.

-- B
--
In a realm outside causality and function



jeisenberg
New Year's Eve

join:2001-07-06
Windsor, ON
Reviews:
·Cogeco Cable

said by B:

I interpreted him or her to be saying that his or her ISP would only provide tech support, on that modem/router/AP supplied by the ISP, for users of the WEP protocol, and no other security features of that ISP-owned device.

Which, if true, is insane, on the ISP's part.

-- B
I wasn't aware that ISPs provided any equipment beyond the point of the modem. But I agree that ISPs generally do not provide support for wireless setups unless you get a tech that does it out of the goodness of his/her heart.

B
Premium,MVM
join:2000-10-28


I know a lot of the DSL modems now have wired router/switches, so it's not too surprising if there are wireless models too. They call them "residential gateways".

All I know in this case is that the poster wrote "I have my ISP's modem that has an integrated WIFI router."

-- B
--
In a realm outside causality and function

