Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > TKIP or AES?

Reply
Thread Tools

TKIP or AES?

 
 
Smirnoff
Guest
Posts: n/a
 
      12-17-2008
Sorry, this is double posted in bt.broadband support, now realise that
this is the best NG for this post.

XP Pro, SP3, BT Hub, Belkin Wireless G card.

I have a single user desktop and have installed the Windows WPA2
security
update:

http://support.microsoft.com/kb/893357

Have also allowed Windows to handle my wireless connection, rather than
my Belkin G wireless card utility. My BT Hub security is set to WPA2
only and I have a 63 character alpha-numeric security key.

Everything is working OK, touch wood.

Just a couple of points I'd like to get clear in my mind.

1. Bearing in mind that no laptop or other device is going to connect
wirelessly, which data encryption is best to use, AES or TKIP, and
what's the difference?

2. Although everything is working OK, I thought it depended on the
lowest common denominator. To my knowledge, my Belkin Wireless G card is
incapable of handling WPA2. Or, is it that the wireless card UTILITY is
incapable of handling WPA2?
Do I assume that the Hub handles all the security and that the Belkin
card just picks up the resulting signal?



 
Reply With Quote
 
 
 
 
Robert L. \(MS-MVP\)
Guest
Posts: n/a
 
      12-17-2008
I think AES is better. Or check this post.
Which is more secure wireless settings
Wireless Security Options. When setup wireless security, you may have
many options. ... Here are the options I see >> WEP , WPA and WPA2 ...
http://www.chicagotech.net/netforums...cacd787e302378


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Smirnoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry, this is double posted in bt.broadband support, now realise that
> this is the best NG for this post.
>
> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>
> I have a single user desktop and have installed the Windows WPA2 security
> update:
>
> http://support.microsoft.com/kb/893357
>
> Have also allowed Windows to handle my wireless connection, rather than
> my Belkin G wireless card utility. My BT Hub security is set to WPA2
> only and I have a 63 character alpha-numeric security key.
>
> Everything is working OK, touch wood.
>
> Just a couple of points I'd like to get clear in my mind.
>
> 1. Bearing in mind that no laptop or other device is going to connect
> wirelessly, which data encryption is best to use, AES or TKIP, and
> what's the difference?
>
> 2. Although everything is working OK, I thought it depended on the
> lowest common denominator. To my knowledge, my Belkin Wireless G card is
> incapable of handling WPA2. Or, is it that the wireless card UTILITY is
> incapable of handling WPA2?
> Do I assume that the Hub handles all the security and that the Belkin card
> just picks up the resulting signal?
>
>
>


 
Reply With Quote
 
 
 
 
Jim
Guest
Posts: n/a
 
      12-17-2008

"Smirnoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry, this is double posted in bt.broadband support, now realise that
> this is the best NG for this post.
>
> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>
> I have a single user desktop and have installed the Windows WPA2 security
> update:
>
> http://support.microsoft.com/kb/893357
>
> Have also allowed Windows to handle my wireless connection, rather than
> my Belkin G wireless card utility. My BT Hub security is set to WPA2
> only and I have a 63 character alpha-numeric security key.
>
> Everything is working OK, touch wood.
>
> Just a couple of points I'd like to get clear in my mind.
>
> 1. Bearing in mind that no laptop or other device is going to connect
> wirelessly, which data encryption is best to use, AES or TKIP, and
> what's the difference?
>
> 2. Although everything is working OK, I thought it depended on the
> lowest common denominator. To my knowledge, my Belkin Wireless G card is
> incapable of handling WPA2. Or, is it that the wireless card UTILITY is
> incapable of handling WPA2?
> Do I assume that the Hub handles all the security and that the Belkin card
> just picks up the resulting signal?
>
>
>

Q1: No device needs to connect to listen to the message stream. A
reasonaby savvy lurker just downloads messages and tries to decrypt them.
If I recall correctly, it is AES.
Q2. It would be the card that is the limiting factor because encrypting
should be done in hardware for the best performance. And, you are wrong to
assume that the router handles all of the security.
As the entire message is encrypted, the router decrypts messages from the
card before sending them to the destination. The card decrypts messages
from the router before sending them up the layers of software.

Jim


 
Reply With Quote
 
Sooner Al [MVP]
Guest
Posts: n/a
 
      12-17-2008
You might look at this from the WiFi Alliance. AES is done in hardware
because of the computational requirements. As far as I know AES is
required for WPA2 while TKIP is required for WPA.

http://www.wi-fi.org/files/kc_11_WPA2_QandA_3-23-05.pdf

....and this...

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

With a sufficiently long random ASCII key both should be equally safe
for home users. Personally I use WPA2-Personal (WPA2-PSK [AES]) and like
you a 63-character random ASCII key.

--

Al Jarvi (MS-MVP Windows - Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 
Reply With Quote
 
Jack \(MVP-Networking\).
Guest
Posts: n/a
 
      12-17-2008
Hi
From the weakest to the strongest, Wireless security capacity is.
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not updated it you would have to download
the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according what ever is the best possible
of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max . of
WEP, to whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).

"Smirnoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry, this is double posted in bt.broadband support, now realise that
> this is the best NG for this post.
>
> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>
> I have a single user desktop and have installed the Windows WPA2 security
> update:
>
> http://support.microsoft.com/kb/893357
>
> Have also allowed Windows to handle my wireless connection, rather than
> my Belkin G wireless card utility. My BT Hub security is set to WPA2
> only and I have a 63 character alpha-numeric security key.
>
> Everything is working OK, touch wood.
>
> Just a couple of points I'd like to get clear in my mind.
>
> 1. Bearing in mind that no laptop or other device is going to connect
> wirelessly, which data encryption is best to use, AES or TKIP, and
> what's the difference?
>
> 2. Although everything is working OK, I thought it depended on the
> lowest common denominator. To my knowledge, my Belkin Wireless G card is
> incapable of handling WPA2. Or, is it that the wireless card UTILITY is
> incapable of handling WPA2?
> Do I assume that the Hub handles all the security and that the Belkin card
> just picks up the resulting signal?
>
>
>


 
Reply With Quote
 
James Egan
Guest
Posts: n/a
 
      12-17-2008

On Wed, 17 Dec 2008 08:49:15 -0000, "Smirnoff"
<(E-Mail Removed)> wrote:

>1. Bearing in mind that no laptop or other device is going to connect
>wirelessly, which data encryption is best to use, AES or TKIP, and
>what's the difference?


AES is better. It is based on the rijndael block cipher whereas TKIP,
like WEP before it, is based on the RC4 stream cipher although the
implementation in WPA/TKIP is much more secure than in WEP

WPA/TKIP is for users running legacy hardware which can't handle AES.
Anything running WEP is supposedly software upgradable to WPA/TKIP
whereas WPA/AES won't work on some old gear.


Jim.

 
Reply With Quote
 
John
Guest
Posts: n/a
 
      12-17-2008
doesn't answer your question directly but worth reading:
http://www.itworld.com/security/5728...yption-cracked

"Smirnoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry, this is double posted in bt.broadband support, now realise that
> this is the best NG for this post.
>
> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>
> I have a single user desktop and have installed the Windows WPA2 security
> update:
>
> http://support.microsoft.com/kb/893357
>
> Have also allowed Windows to handle my wireless connection, rather than
> my Belkin G wireless card utility. My BT Hub security is set to WPA2
> only and I have a 63 character alpha-numeric security key.
>
> Everything is working OK, touch wood.
>
> Just a couple of points I'd like to get clear in my mind.
>
> 1. Bearing in mind that no laptop or other device is going to connect
> wirelessly, which data encryption is best to use, AES or TKIP, and
> what's the difference?
>
> 2. Although everything is working OK, I thought it depended on the
> lowest common denominator. To my knowledge, my Belkin Wireless G card is
> incapable of handling WPA2. Or, is it that the wireless card UTILITY is
> incapable of handling WPA2?
> Do I assume that the Hub handles all the security and that the Belkin card
> just picks up the resulting signal?
>
>
>



 
Reply With Quote
 
Smirnoff
Guest
Posts: n/a
 
      12-17-2008


"Jim" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Smirnoff" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Sorry, this is double posted in bt.broadband support, now realise
>> that this is the best NG for this post.
>>
>> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>>
>> I have a single user desktop and have installed the Windows WPA2
>> security
>> update:
>>
>> http://support.microsoft.com/kb/893357
>>
>> Have also allowed Windows to handle my wireless connection, rather
>> than
>> my Belkin G wireless card utility. My BT Hub security is set to WPA2
>> only and I have a 63 character alpha-numeric security key.
>>
>> Everything is working OK, touch wood.
>>
>> Just a couple of points I'd like to get clear in my mind.
>>
>> 1. Bearing in mind that no laptop or other device is going to connect
>> wirelessly, which data encryption is best to use, AES or TKIP, and
>> what's the difference?
>>
>> 2. Although everything is working OK, I thought it depended on the
>> lowest common denominator. To my knowledge, my Belkin Wireless G card
>> is
>> incapable of handling WPA2. Or, is it that the wireless card UTILITY
>> is
>> incapable of handling WPA2?
>> Do I assume that the Hub handles all the security and that the Belkin
>> card just picks up the resulting signal?
>>
>>
>>

> Q1: No device needs to connect to listen to the message stream. A
> reasonaby savvy lurker just downloads messages and tries to decrypt
> them. If I recall correctly, it is AES.
> Q2. It would be the card that is the limiting factor because
> encrypting should be done in hardware for the best performance. And,
> you are wrong to assume that the router handles all of the security.
> As the entire message is encrypted, the router decrypts messages from
> the card before sending them to the destination. The card decrypts
> messages from the router before sending them up the layers of
> software.
>
> Jim
>

Q1: Will stick to AES, thanks.

Q2: Have set my comp to use WPA2 for ages now and this is what confuses
me. Not long ago I DID have my niece's laptop (with Windows WPA2 update
installed) connecting to my computer (with correct security key). She
had a relatively old Linksys USB wireless adapter, so it didn't surprise
me to see that when using Windows to "View available networks", my BT
Hub showed up as just WPA protected.

Have just looked at the spec of my Belkin Wireless G card and it states
"Features wireless 64- and 128-bit WEP encryption" (no mention of WPA
let alone WPA2). When I "View available networks" my Hub shows
"Security-enabled wireless network (WPA2)".

I'm positive that my Belkin card is older than my niece's USB adapter
and doesn't handle anything but WEP, so why is the network showing up as
WPA2 enabled?



 
Reply With Quote
 
Smirnoff
Guest
Posts: n/a
 
      12-17-2008


"Smirnoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
>
> "Jim" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> "Smirnoff" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Sorry, this is double posted in bt.broadband support, now realise
>>> that this is the best NG for this post.
>>>
>>> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>>>
>>> I have a single user desktop and have installed the Windows WPA2
>>> security
>>> update:
>>>
>>> http://support.microsoft.com/kb/893357
>>>
>>> Have also allowed Windows to handle my wireless connection, rather
>>> than
>>> my Belkin G wireless card utility. My BT Hub security is set to WPA2
>>> only and I have a 63 character alpha-numeric security key.
>>>
>>> Everything is working OK, touch wood.
>>>
>>> Just a couple of points I'd like to get clear in my mind.
>>>
>>> 1. Bearing in mind that no laptop or other device is going to
>>> connect
>>> wirelessly, which data encryption is best to use, AES or TKIP, and
>>> what's the difference?
>>>
>>> 2. Although everything is working OK, I thought it depended on the
>>> lowest common denominator. To my knowledge, my Belkin Wireless G
>>> card is
>>> incapable of handling WPA2. Or, is it that the wireless card UTILITY
>>> is
>>> incapable of handling WPA2?
>>> Do I assume that the Hub handles all the security and that the
>>> Belkin card just picks up the resulting signal?
>>>
>>>
>>>

>> Q1: No device needs to connect to listen to the message stream. A
>> reasonaby savvy lurker just downloads messages and tries to decrypt
>> them. If I recall correctly, it is AES.
>> Q2. It would be the card that is the limiting factor because
>> encrypting should be done in hardware for the best performance. And,
>> you are wrong to assume that the router handles all of the security.
>> As the entire message is encrypted, the router decrypts messages from
>> the card before sending them to the destination. The card decrypts
>> messages from the router before sending them up the layers of
>> software.
>>
>> Jim
>>

> Q1: Will stick to AES, thanks.
>
> Q2: Have set my comp to use WPA2 for ages now and this is what
> confuses me. Not long ago I DID have my niece's laptop (with Windows
> WPA2 update installed) connecting to my computer (with correct
> security key). She had a relatively old Linksys USB wireless adapter,
> so it didn't surprise me to see that when using Windows to "View
> available networks", my BT Hub showed up as just WPA protected.
>
> Have just looked at the spec of my Belkin Wireless G card and it
> states "Features wireless 64- and 128-bit WEP encryption" (no mention
> of WPA let alone WPA2). When I "View available networks" my Hub shows
> "Security-enabled wireless network (WPA2)".
>
> I'm positive that my Belkin card is older than my niece's USB adapter
> and doesn't handle anything but WEP, so why is the network showing up
> as WPA2 enabled?
>


Sorry, meant to add: Is it the Belkin card itself that is not WPA(2)
capable or is it the UTILITY, as I queried earlier? When you allow
Windows to handle the wireless connection surely it becomes the
utility/driver, thus allowing for higher security. As security settings
are set with the utility (in this case Windows), perhaps the card is
merely transmitting the resultant data?


 
Reply With Quote
 
Lem
Guest
Posts: n/a
 
      12-17-2008
Smirnoff wrote:
> "Smirnoff" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> "Jim" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> "Smirnoff" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Sorry, this is double posted in bt.broadband support, now realise
>>>> that this is the best NG for this post.
>>>>
>>>> XP Pro, SP3, BT Hub, Belkin Wireless G card.
>>>>
>>>> I have a single user desktop and have installed the Windows WPA2
>>>> security
>>>> update:
>>>>
>>>> http://support.microsoft.com/kb/893357
>>>>
>>>> Have also allowed Windows to handle my wireless connection, rather
>>>> than
>>>> my Belkin G wireless card utility. My BT Hub security is set to WPA2
>>>> only and I have a 63 character alpha-numeric security key.
>>>>
>>>> Everything is working OK, touch wood.
>>>>
>>>> Just a couple of points I'd like to get clear in my mind.
>>>>
>>>> 1. Bearing in mind that no laptop or other device is going to
>>>> connect
>>>> wirelessly, which data encryption is best to use, AES or TKIP, and
>>>> what's the difference?
>>>>
>>>> 2. Although everything is working OK, I thought it depended on the
>>>> lowest common denominator. To my knowledge, my Belkin Wireless G
>>>> card is
>>>> incapable of handling WPA2. Or, is it that the wireless card UTILITY
>>>> is
>>>> incapable of handling WPA2?
>>>> Do I assume that the Hub handles all the security and that the
>>>> Belkin card just picks up the resulting signal?
>>>>
>>>>
>>>>
>>> Q1: No device needs to connect to listen to the message stream. A
>>> reasonaby savvy lurker just downloads messages and tries to decrypt
>>> them. If I recall correctly, it is AES.
>>> Q2. It would be the card that is the limiting factor because
>>> encrypting should be done in hardware for the best performance. And,
>>> you are wrong to assume that the router handles all of the security.
>>> As the entire message is encrypted, the router decrypts messages from
>>> the card before sending them to the destination. The card decrypts
>>> messages from the router before sending them up the layers of
>>> software.
>>>
>>> Jim
>>>

>> Q1: Will stick to AES, thanks.
>>
>> Q2: Have set my comp to use WPA2 for ages now and this is what
>> confuses me. Not long ago I DID have my niece's laptop (with Windows
>> WPA2 update installed) connecting to my computer (with correct
>> security key). She had a relatively old Linksys USB wireless adapter,
>> so it didn't surprise me to see that when using Windows to "View
>> available networks", my BT Hub showed up as just WPA protected.
>>
>> Have just looked at the spec of my Belkin Wireless G card and it
>> states "Features wireless 64- and 128-bit WEP encryption" (no mention
>> of WPA let alone WPA2). When I "View available networks" my Hub shows
>> "Security-enabled wireless network (WPA2)".
>>
>> I'm positive that my Belkin card is older than my niece's USB adapter
>> and doesn't handle anything but WEP, so why is the network showing up
>> as WPA2 enabled?
>>

>
> Sorry, meant to add: Is it the Belkin card itself that is not WPA(2)
> capable or is it the UTILITY, as I queried earlier? When you allow
> Windows to handle the wireless connection surely it becomes the
> utility/driver, thus allowing for higher security. As security settings
> are set with the utility (in this case Windows), perhaps the card is
> merely transmitting the resultant data?
>
>


First, your BT "Hub" is really a router. A hub is an altogether
different piece of network equipment from a router.
http://www.practicallynetworked.com/...idge_types.htm

With respect to wireless security, *both* the router *and* the adapter
perform encryption and decryption. The router encrypts info that it
sends to your computer and your adapter decrypts those messages when it
receives them. And vice versa - your adapter encrypts info that you send
to the router and the router decrypts those messages.

There is some inconsistency with your description: how can you be
positive that your Belkin card is capable of only WEP if you've been
using WPA2 for ages? This does not compute.

Many WiFi products with the same product name have been substantially
changed through the use of "version" nomenclature. The main "features"
page of the product may not have been updated to reflect these changes.
Thus, your Belkin adapter almost certainly *is* WPA2 capable (if you
have been using it to connect to a WPA2 network). For example, if you
have a Belkin F5D7000 PCI wireless-G adapter, the main product page says
only "Features wireless 64- and 128-bit WEP encryption." The specs page,
however, says "WPA, WPA2, 64-bit/128-bit encryption" (of course, the
spec page also says that it's an IEEE 802.11b card when we know, by
definition, that it's IEEE 802.11g).

And, as others in the thread have noted, in order to use WPA2, you need
*both* a utility that knows about WPA2 *and* hardware that's capable of
WPA2. If you've installed the WPA2 update, then you have the correct
utility.

As far as your niece's Linksys USB adapter, the basic Linksys wireless-G
USB adapter, the WUSB54G, is now up to version 4, but even version 1 can
handle WPA (not WPA2) with the current driver. (The User Guide for
version 4 mentions something called "PSK2." I believe that's what
Linksys used to describe WPA2 (perhaps before the product was certified
by the WiFi alliance, and so couldn't use "WPA2"). So if your niece has
this version of this device, she probably can use WPA2. That term
doesn't appear in the v.1 or v.2 manuals.)

Finally, *all* devices on a wireless network must use the same level of
encryption. Thus, if your niece's hardware really can only handle WPA,
you'll have to reconfigure your router to use WPA. In this case, use
WPA-PSK (AES).
--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WPA-TKIP Key changes. =?Utf-8?B?bGFyY29kZGluZw==?= Wireless Networking 0 12-22-2005 05:15 PM
WPA2 backward compatibility with WPA: TKIP and/or AES? =?Utf-8?B?U2NvdCBCYWxmb3Vy?= Wireless Networking 0 10-05-2005 06:15 PM
No file sharing with WPA-PSK TKIP Rich D Wireless Networking 0 08-30-2005 02:18 PM
Can't share files with TKIP Rich D Wireless Networking 0 06-27-2005 11:28 PM
Set TKIP through a GPO? Al Blake Wireless Networking 4 10-21-2004 10:04 PM



Advertisments