I'll say it again - the passphrase you use, no matter how good or how bad it is, has nothing to do with the AES or TKIP key.
WPA-PSK will keep out the casual wardriver but of all the WPA methods, it is the weakest but I never mentioned it
Never mentioned what - WPA-PSK? There are two ways to use WPA - preshared key, which is what you are talking about when you mention the user's password, and WPA Enterprise, which uses a RADIUS or other server.
WPA-PSK is weak because a hacker can trick your wireless router into revealing its initial handshake with a client
There is no trick involved. The 4 messages used during the WPA authentication are broadcast. Anyone can capture them just like they can capture any message the AP or the client sends.
much longer with a DES type encryption method like AES.
DES has nothing to do with AES. AES can be brute force attacked with a dictionary just like virtually any other encryption method. It is the weak passphrase which is attacked, not the encryption method.
older WPA-TKIP and the newer WPA-AES
What is the "older WPA-TKIP" you speak of? And what is the "newer WPA-AES"?
There are two "versions" of WPA which can be used to authenticate you with the AP and to provide the encryption key to the client - WPA and WPA2. WPA requires that TKIP be supported for data encryption; AES is optional. WPA2 requires AES for data encryption, with TKIP optional. Again, neither uses encryption during the initial 4 messages. And neither uses your passphrase to encrypt anything. Once the handshake is complete it does not matter what passphrase you used. The data being sent on the wireless network is protected by RC4 or AES using a strong pseudo-random key created during the handshake. It is the 4 messages during the initial handshake which are vulnerable if you use a weak key.
The recommendation for typical users is to use a passphrase of at least 25 characters (including upper and lower case, numbers and punctuation). If you are able to generate a truly random passphrase it can be fewer characters. But remember that using ASCII characters you cannot use all possible 8-bit values with most devices, since they do not accept many of the non-printing characters. If you want a truly random key, generate 256 bits of random data and enter that as the 64 hex digit key (not necessary or recommended for most people). And please do not mention encryption or RC4 or AES when speaking of the passphrase, since the passphrase has no relation to any of these three items. It only confuses people if you do.
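The post above says the passphrase is not the encryption key: in WPA/WPA2-Personal the passphrase is stretched into a fixed 256-bit Pairwise Master Key (PMK), and the 4-way handshake derives the per-session keys from that PMK plus nonces and MAC addresses. The script below is an added example, not code from anyone in this thread; it uses Python's standard `hashlib.pbkdf2_hmac` to show the IEEE 802.11i PSK derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), accepts a raw 64-hex-digit key the way most access points do, generates the "256 bits of random data" option, and checks a passphrase against the 25-character mixed-class recommendation given above. The function names and the sample SSID "HomeNet" are assumptions made for the example; the `password` / `IEEE` pair is the published 802.11i test vector.

```python
import hashlib
import secrets
import string

PMK_BYTES = 32  # the PMK/PSK is always 256 bits, whatever the passphrase
PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA/WPA2-Personal


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK from a passphrase as WPA/WPA2-Personal do.

    The passphrase itself never encrypts a frame. Its only job is to be the
    input to this KDF; the handshake then mixes the PMK with nonces and MAC
    addresses to make the actual TKIP/CCMP session keys.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    # Most devices only accept printable ASCII (0x20-0x7E), as the post notes.
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_BYTES,
    )


def pmk_from_config(value: str, ssid: str) -> bytes:
    """Accept what an AP config field accepts: a passphrase or 64 hex digits.

    A 64-hex-digit value is used directly as the PMK (no PBKDF2), which is the
    "generate 256 bits of random data" option from the post.
    """
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return bytes.fromhex(value)
    return pmk_from_passphrase(value, ssid)


def random_hex_key() -> str:
    """256 bits from the OS CSPRNG, formatted as the 64-hex-digit raw key."""
    return secrets.token_hex(PMK_BYTES)


def passphrase_meets_recommendation(passphrase: str) -> bool:
    """Check the post's advice: >= 25 printable ASCII chars drawn from all of
    upper case, lower case, digits and punctuation."""
    if len(passphrase) < 25:
        return False
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        return False
    classes = (
        string.ascii_uppercase,
        string.ascii_lowercase,
        string.digits,
        string.punctuation,
    )
    return all(any(c in cls for c in passphrase) for cls in classes)


if __name__ == "__main__":
    # Sample SSID "HomeNet" is constructed for this example.
    ssid = "HomeNet"
    weak = "password"
    strong = "Correct-Horse!Battery9Staple*Tuesday"
    # Both produce a 256-bit PMK; the difference is only how guessable the
    # input to the KDF is, which is exactly what a captured handshake exposes.
    print("weak   PMK:", pmk_from_passphrase(weak, ssid).hex())
    print("strong PMK:", pmk_from_passphrase(strong, ssid).hex())
    print("meets recommendation:", passphrase_meets_recommendation(weak),
          passphrase_meets_recommendation(strong))
    raw = random_hex_key()
    print("raw 64-hex key:", raw)
    print("raw key used as-is:", pmk_from_config(raw, ssid).hex() == raw)
```

Note that the PMK is always 32 bytes, so a longer or more complex passphrase does not make "the encryption" stronger; it only makes the KDF input harder to guess from the captured 4-way handshake, which is the point the post is making.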