Discussion in 'Wireless Networking' started by Smirnoff, Dec 17, 2008.

  1. Smirnoff

    Smirnoff Guest

    Sorry, this is double posted in bt.broadband support, now realise that
    this is the best NG for this post.

    XP Pro, SP3, BT Hub, Belkin Wireless G card.

    I have a single user desktop and have installed the Windows WPA2

    Have also allowed Windows to handle my wireless connection, rather than
    my Belkin G wireless card utility. My BT Hub security is set to WPA2
    only and I have a 63 character alpha-numeric security key.

    Everything is working OK, touch wood.

    Just a couple of points I'd like to get clear in my mind.

    1. Bearing in mind that no laptop or other device is going to connect
    wirelessly, which data encryption is best to use, AES or TKIP, and
    what's the difference?

    2. Although everything is working OK, I thought it depended on the
    lowest common denominator. To my knowledge, my Belkin Wireless G card is
    incapable of handling WPA2. Or, is it that the wireless card UTILITY is
    incapable of handling WPA2?
    Do I assume that the Hub handles all the security and that the Belkin
    card just picks up the resulting signal?
    Smirnoff, Dec 17, 2008
    1. Advertisements

  2. I think AES is better. Or check this post.
    Which is more secure wireless settings
    Wireless Security Options. When setup wireless security, you may have
    many options. ... Here are the options I see >> WEP , WPA and WPA2 ...

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    How to Setup Windows, Network, VPN & Remote Access on
    Robert L. \(MS-MVP\), Dec 17, 2008
    1. Advertisements

  3. Smirnoff

    Jim Guest

    Q1: No device needs to connect to listen to the message stream. A
    reasonaby savvy lurker just downloads messages and tries to decrypt them.
    If I recall correctly, it is AES.
    Q2. It would be the card that is the limiting factor because encrypting
    should be done in hardware for the best performance. And, you are wrong to
    assume that the router handles all of the security.
    As the entire message is encrypted, the router decrypts messages from the
    card before sending them to the destination. The card decrypts messages
    from the router before sending them up the layers of software.

    Jim, Dec 17, 2008
  4. You might look at this from the WiFi Alliance. AES is done in hardware
    because of the computational requirements. As far as I know AES is
    required for WPA2 while TKIP is required for WPA.

    ....and this...

    With a sufficiently long random ASCII key both should be equally safe
    for home users. Personally I use WPA2-Personal (WPA2-PSK [AES]) and like
    you a 63-character random ASCII key.


    Al Jarvi (MS-MVP Windows - Desktop User Experience)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program -
    This posting is provided "AS IS" with no warranties, and confers no
    How to ask a question
    Sooner Al [MVP], Dec 17, 2008
  5. Hi
    From the weakest to the strongest, Wireless security capacity is.
    No Security
    MAC______(Band Aid if nothing else is available).
    WEP64____(Easy, to "Break" by knowledgeable people).
    WEP128___(A little Harder, but "Hackable" too).
    WPA-PSK__(Very Hard to Break).
    WPA-AES__(Not functionally Breakable)
    WPA2____ (Not functionally Breakable).
    Note 1: WPA-AES the the current entry level rendition of WPA2.
    Note 2: If you use WinXP and did not updated it you would have to download
    the WPA2 patch from Microsoft.
    The documentation of your Wireless devices (Wireless Router, and Wireless
    Computer's Card) should state the type of security that is available with
    your Wireless hardware.
    All devices MUST be set to the same security level using the same pass
    Therefore the security must be set according what ever is the best possible
    of one of the Wireless devices.
    I.e. even if most of your system might be capable to be configured to the
    max. with WPA2, but one device is only capable to be configured to max . of
    WEP, to whole system must be configured to WEP.
    If you need more good security and one device (like a Wireless card that can
    do WEP only) is holding better security for the whole Network, replace the
    device with a better one.
    The Core differences between WEP, WPA, and WPA2 -
    Jack (MVP-Networking).
    Jack \(MVP-Networking\)., Dec 17, 2008
  6. Smirnoff

    James Egan Guest

    AES is better. It is based on the rijndael block cipher whereas TKIP,
    like WEP before it, is based on the RC4 stream cipher although the
    implementation in WPA/TKIP is much more secure than in WEP

    WPA/TKIP is for users running legacy hardware which can't handle AES.
    Anything running WEP is supposedly software upgradable to WPA/TKIP
    whereas WPA/AES won't work on some old gear.

    James Egan, Dec 17, 2008
  7. Smirnoff

    John Guest

    John, Dec 17, 2008
  8. Smirnoff

    Smirnoff Guest

    Q1: Will stick to AES, thanks.

    Q2: Have set my comp to use WPA2 for ages now and this is what confuses
    me. Not long ago I DID have my niece's laptop (with Windows WPA2 update
    installed) connecting to my computer (with correct security key). She
    had a relatively old Linksys USB wireless adapter, so it didn't surprise
    me to see that when using Windows to "View available networks", my BT
    Hub showed up as just WPA protected.

    Have just looked at the spec of my Belkin Wireless G card and it states
    "Features wireless 64- and 128-bit WEP encryption" (no mention of WPA
    let alone WPA2). When I "View available networks" my Hub shows
    "Security-enabled wireless network (WPA2)".

    I'm positive that my Belkin card is older than my niece's USB adapter
    and doesn't handle anything but WEP, so why is the network showing up as
    WPA2 enabled?
    Smirnoff, Dec 17, 2008
  9. Smirnoff

    Smirnoff Guest

    Sorry, meant to add: Is it the Belkin card itself that is not WPA(2)
    capable or is it the UTILITY, as I queried earlier? When you allow
    Windows to handle the wireless connection surely it becomes the
    utility/driver, thus allowing for higher security. As security settings
    are set with the utility (in this case Windows), perhaps the card is
    merely transmitting the resultant data?
    Smirnoff, Dec 17, 2008
  10. Smirnoff

    Lem Guest

    First, your BT "Hub" is really a router. A hub is an altogether
    different piece of network equipment from a router.

    With respect to wireless security, *both* the router *and* the adapter
    perform encryption and decryption. The router encrypts info that it
    sends to your computer and your adapter decrypts those messages when it
    receives them. And vice versa - your adapter encrypts info that you send
    to the router and the router decrypts those messages.

    There is some inconsistency with your description: how can you be
    positive that your Belkin card is capable of only WEP if you've been
    using WPA2 for ages? This does not compute.

    Many WiFi products with the same product name have been substantially
    changed through the use of "version" nomenclature. The main "features"
    page of the product may not have been updated to reflect these changes.
    Thus, your Belkin adapter almost certainly *is* WPA2 capable (if you
    have been using it to connect to a WPA2 network). For example, if you
    have a Belkin F5D7000 PCI wireless-G adapter, the main product page says
    only "Features wireless 64- and 128-bit WEP encryption." The specs page,
    however, says "WPA, WPA2, 64-bit/128-bit encryption" (of course, the
    spec page also says that it's an IEEE 802.11b card when we know, by
    definition, that it's IEEE 802.11g).

    And, as others in the thread have noted, in order to use WPA2, you need
    *both* a utility that knows about WPA2 *and* hardware that's capable of
    WPA2. If you've installed the WPA2 update, then you have the correct

    As far as your niece's Linksys USB adapter, the basic Linksys wireless-G
    USB adapter, the WUSB54G, is now up to version 4, but even version 1 can
    handle WPA (not WPA2) with the current driver. (The User Guide for
    version 4 mentions something called "PSK2." I believe that's what
    Linksys used to describe WPA2 (perhaps before the product was certified
    by the WiFi alliance, and so couldn't use "WPA2"). So if your niece has
    this version of this device, she probably can use WPA2. That term
    doesn't appear in the v.1 or v.2 manuals.)

    Finally, *all* devices on a wireless network must use the same level of
    encryption. Thus, if your niece's hardware really can only handle WPA,
    you'll have to reconfigure your router to use WPA. In this case, use
    WPA-PSK (AES).
    Lem -- MS-MVP

    To the moon and back with 2K words of RAM and 36K words of ROM.
    Lem, Dec 17, 2008
  11. Smirnoff

    Smirnoff Guest

    You are quite right about the Belkin, I was looking at the Features page
    rather than the Spec page.

    I can stop scratching my head now.

    Thanks for a very detailed and comprehensive answer.
    Smirnoff, Dec 18, 2008
  12. Smirnoff

    Smirnoff Guest

    Thanks to all who responded to this post and especially, Lem.
    Smirnoff, Dec 18, 2008
  13. Smirnoff

    James Egan Guest

    Surely if the hardware is capable of handling AES encryption then it
    is also capable of handling (AES based) CCMP authentication and key

    In other words, isn't WPA2-PSK (or WPA-PSK2) and WPA-PSK(AES) the
    same thing?

    James Egan, Dec 18, 2008
  14. Smirnoff

    James Egan Guest

    My apologies to Mr Lem and Mr Smirnoff for the error in quoting. I was
    quoting Mr Lem.

    James Egan, Dec 18, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.