Tkip+aes?

[John Connor]

I use an old WRT54GL with DD-WRT and I currently use TKIP+AES WPA2 for WIFI security with a 64 digit key. After reading this I wonder if I'm vulnerable to an attack. I do have a program that can brute force a WPA key, but I thought that only WPA could be brute forced.

Question: Am I vulnerable?

 

[JackMDS]

Is it verbally correct to say Men can go to the Moon?

Of course Men did it decades ago.

Given the resources that are needed to go there is it really Not an option at large?

Same with WPA2, a while ago a research group with unique scientific computing power claim that they mange to brake once a WPA2 key.

Quote: "AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. 50 supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space".

http://en.wikipedia.org/wiki/Brute-force_attack

 

[JoeMcJoe]

I use an old WRT54GL with DD-WRT and I currently use TKIP+AES WPA2 for WIFI security with a 64 digit key. After reading this I wonder if I'm vulnerable to an attack. I do have a program that can brute force a WPA key, but I thought that only WPA could be brute forced.

Question: Am I vulnerable?

Yes, don't sleep at night....

Change it to AES only.

Now you can sleep.

 

[VirtualLarry]

Yes, don't sleep at night....

Change it to AES only.

Now you can sleep.

Yes, TKIP has a cryptographic weakness. AES (so far) does not, to my knowledge.

You should be using AES ONLY. TKIP + AES leaves you open to attack.

 

[cmetz]

I use an old WRT54GL with DD-WRT and I currently use TKIP+AES WPA2 for WIFI security with a 64 digit key.

The purpose of TKIP was to find a way that old 802.11 hardware that only supported RC4 crypto hardware acceleration could have some improved security without the need to replace everything. That is, it's WPA/TKIP is a security improvement over WEP that can run fast on the same old hardware as WEP could.

Pretty much all 802.11g and newer generation hardware supports AES crypto hardware acceleration. Once you have that, you don't want or need TKIP. Also, WPA2 has some security improvements over WPA.

I'm a little confused by your description of "TKIP+AES WPA2" - I didn't think such a thing existed, I thought TKIP was obsolete as of WPA2. Either way, don't use TKIP anymore. Do use AES, do use WPA2.

 

[JackMDS]

I'm a little confused by your description of "TKIP+AES WPA2" - I didn't think such a thing existed, I thought TKIP was obsolete as of WPA2. Either way, don't use TKIP anymore. Do use AES, do use WPA2.

Yeah, some Wireless Routers has bizarre variety of choices.

Unfortunately marketing has more bearing on End-Users' Devices than real Technology and Security issues.

If New Wireless Router has No starlight configuration to pure WPA2, do not buy it.

If One has an older Router that does not have a pure configuration to Pure WPA+AES (WPA + AES is the WPA2 version in pre IEEE Standard devices) rid of it.

--------------
P.S. Many Routers have a WPA2 Personal or and WPA2 Enterprise.

Both are WPA2 secured. The Enterprise level has to be used when a Radius Server or similar Enterprise concoctions are involved.

 

[John Connor]

This is my current setup.

Here are the security modes available.

And this is the algorithms.

 

[theevilsharpie]

Just use WPA personal and call it a day.

 

[s44]

Regular WPA2 personal is two modes up. That will be AES only.

 

[cubby1223]

I'd turn off tkip for the reason that routers often are unreliable with getting devices connected and staying connected with both encryption options enabled.

The added security is just a bonus.

It is 2014, chances of having a device that does not support aes is just too small to even care.

 

[John Connor]

Well, my netbook a Dell mini 910 can use the WIFI with TKIP-AES.

So is the consensus is to just use AES? As TKIP adds a security risk?

 

[ch33zw1z]

Yes, AES only if possible. Some older devices may not support AES....but those are oooooold.

 

[JackMDS]

If your Dell mini 910 can not support pure WPA2 you can find on eBay a New Wireless card for $10 that will do it.

 

[John Connor]

Just changed the WIFI to AES and changed the key. Haven't tried the mini 9 yet, but I do have a WIFI USB adapter.

 

[cubby1223]

Well, my netbook a Dell mini 910 can use the WIFI with TKIP-AES.

So is the consensus is to just use AES? As TKIP adds a security risk?

All Wi-Fi devices made 2006 & later have WPA2/AES support.

Your netbook came out in 2008.

 

[John Connor]

Yes, typing this now with my netbook.

 

[AD5MB]

the point of TKIP+AES was to make the router available to people who had old technology and people who have new technology. If you don't have 1996 laptops in use it serves no purpose.