• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Tkip+aes?

John Connor

John Connor

Lifer
I use an old WRT54GL with DD-WRT and I currently use TKIP+AES WPA2 for WIFI security with a 64 digit key. After reading this I wonder if I'm vulnerable to an attack. I do have a program that can brute force a WPA key, but I thought that only WPA could be brute forced.

Question: Am I vulnerable?
 
Is it verbally correct to say Men can go to the Moon?

Of course Men did it decades ago.

Given the resources that are needed to go there is it really Not an option at large?

Same with WPA2, a while ago a research group with unique scientific computing power claim that they mange to brake once a WPA2 key.

Quote: "AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. 50 supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space".

http://en.wikipedia.org/wiki/Brute-force_attack

😎
 
John Connor said:
I use an old WRT54GL with DD-WRT and I currently use TKIP+AES WPA2 for WIFI security with a 64 digit key. After reading this I wonder if I'm vulnerable to an attack. I do have a program that can brute force a WPA key, but I thought that only WPA could be brute forced.

Question: Am I vulnerable?
Click to expand...

Yes, don't sleep at night....

Change it to AES only.

Now you can sleep.
 
John Connor said:
I use an old WRT54GL with DD-WRT and I currently use TKIP+AES WPA2 for WIFI security with a 64 digit key.
Click to expand...

The purpose of TKIP was to find a way that old 802.11 hardware that only supported RC4 crypto hardware acceleration could have some improved security without the need to replace everything. That is, it's WPA/TKIP is a security improvement over WEP that can run fast on the same old hardware as WEP could.

Pretty much all 802.11g and newer generation hardware supports AES crypto hardware acceleration. Once you have that, you don't want or need TKIP. Also, WPA2 has some security improvements over WPA.

I'm a little confused by your description of "TKIP+AES WPA2" - I didn't think such a thing existed, I thought TKIP was obsolete as of WPA2. Either way, don't use TKIP anymore. Do use AES, do use WPA2.
 
cmetz said:
I'm a little confused by your description of "TKIP+AES WPA2" - I didn't think such a thing existed, I thought TKIP was obsolete as of WPA2. Either way, don't use TKIP anymore. Do use AES, do use WPA2.
Click to expand...

Yeah, some Wireless Routers has bizarre variety of choices.

Unfortunately marketing has more bearing on End-Users' Devices than real Technology and Security issues.

If New Wireless Router has No starlight configuration to pure WPA2, do not buy it.

If One has an older Router that does not have a pure configuration to Pure WPA+AES (WPA + AES is the WPA2 version in pre IEEE Standard devices) rid of it.

--------------
P.S. Many Routers have a WPA2 Personal or and WPA2 Enterprise.

Both are WPA2 secured. The Enterprise level has to be used when a Radius Server or similar Enterprise concoctions are involved.



😎
 
This is my current setup.

tyLC2Zg.jpg



Here are the security modes available.

t0sSISZ.jpg



And this is the algorithms.

RWmvGmq.jpg
 
I'd turn off tkip for the reason that routers often are unreliable with getting devices connected and staying connected with both encryption options enabled.

The added security is just a bonus.

It is 2014, chances of having a device that does not support aes is just too small to even care.
 
Well, my netbook a Dell mini 910 can use the WIFI with TKIP-AES.

So is the consensus is to just use AES? As TKIP adds a security risk?
 
If your Dell mini 910 can not support pure WPA2 you can find on eBay a New Wireless card for $10 that will do it.


😎
 
the point of TKIP+AES was to make the router available to people who had old technology and people who have new technology. If you don't have 1996 laptops in use it serves no purpose.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top