Firewall Wizards mailing list archives
Re: WPA Pre-Shared Key TKIP vs AES
From: "H. Morrow Long" <morrow.long () yale edu>
Date: Wed, 15 Dec 2004 10:48:00 -0500
[Sorry for the mostly off topic (for Firewall Wizards) reply.] Comparing TKIP and AES is similar to comparing apples and oranges. One is a key mgt protocol (okay -- it is now called a 'data confidentiality protocol), the other (AES) is an encryption method. You should compare AES with DES (and triple-DES). TKIP (Temporal Key Integrity Protocol) is a key management protocol. It deals with how the symmetric 'session' key or keys are initially created, changed over time, etc. TKIP is not used in WPA2 except in backwards compatible WPA mode by APs to support legacy WPA/TKIP clients. WPA2 in native mode uses CCMP (Counter-Mode/CBC-MAC Protocol) as a 'data confidentiality' method instead of TKIP. AES (Advanced Encryption System) is a variable bit length symmetric digital encryption algorithm. It was selected by NIST to replace DES as the symmetric encryption scheme of choice for electronic transactions and is based on Rijndael. It is one of the major changes between WPA and WPA2/802.11i and often requires a hardware upgrade to access points in order to accomodate it. The URL you cited is now somewhat dated. A more recent article is http://www.embedded.com/showArticle.jhtml?articleID=34400002 - H. Morrow Long, CISSP, CISM University Information Security Officer Director -- Information Security Office Yale University, ITS On Dec 14, 2004, at 11:13 PM, Servie Platon wrote:
Hi security gurus and FW experts alike, I am just curious, which WPA algorithm is better? TKIP or AES? There is an article below that says WPA is better than WEP for a number of reasons. http://www.openxtra.co.uk/articles/wpa-vs-wep.htm Now I am in the process of changing WEP in our office's WRT54G router which is intended to hookup some laptop and notebook PCs for mobile office users. But my problem is I have no idea which one is better TKIP or AES? And secondly, does WPA shared key mean that I have to create a passphrase (i.e. diceware list) to generate encryption? Will this be harder to break as opposed to WEP which is easier? We could not select WPA RADIUS or RADIUS because we are but a small company and no RADIUS server in place. Also,http://www.tech-faq.com/wireless-networks/wpa-wi-fi-protected- access.shtmlgives some info on WPA in general. How do I enable security enhancements in WPA as indicated in the URL above? Any thoughts and insights on how to secure our company's WLAN through WPA would be highly appreciated. TIA, Sincerely, Servie __________________________________ Do you Yahoo!? Jazz up your holiday email with celebrity designs. Learn more. http://celebrity.mail.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Attachment:
smime.p7s
Description:
Current thread:
- WPA Pre-Shared Key TKIP vs AES Servie Platon (Dec 15)
- Re: WPA Pre-Shared Key TKIP vs AES H. Morrow Long (Dec 15)
- Re: WPA Pre-Shared Key TKIP vs AES Frederick M Avolio (Dec 15)
- Re: WPA Pre-Shared Key TKIP vs AES Paul D. Robertson (Dec 15)
- Message not available
- Re: WPA Pre-Shared Key TKIP vs AES Paul D. Robertson (Dec 21)
- Re: WPA Pre-Shared Key TKIP vs AES Paul D. Robertson (Dec 15)