Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES

From: H. Morrow Long (
Date: 12/15/04

  • Next message: Jean-Denis Gorin: "[fw-wiz] Windows ATM (was Re: How to Save The World)"
    To: Servie Platon <>
    Date: Wed, 15 Dec 2004 10:48:00 -0500

    [Sorry for the mostly off topic (for Firewall Wizards) reply.]

    Comparing TKIP and AES is similar to comparing apples
    and oranges. One is a key mgt protocol (okay -- it is now
    called a 'data confidentiality' protocol), the other (AES)
    is an encryption method. You should compare AES with
    DES (and triple-DES).

    TKIP (Temporal Key Integrity Protocol) is a key management
    protocol. It deals with how the symmetric 'session' key
    or keys are initially created, changed over time, etc.

    TKIP is not used in WPA2 except in backwards compatible
    WPA mode by APs to support legacy WPA/TKIP clients. WPA2
    in native mode uses CCMP (Counter-Mode/CBC-MAC Protocol)
    as a 'data confidentiality' method instead of TKIP.

    AES (Advanced Encryption System) is a variable bit
    length symmetric digital encryption algorithm. It was
    selected by NIST to replace DES as the symmetric
    encryption scheme of choice for electronic transactions
    and is based on Rijndael. It is one of the major changes
    between WPA and WPA2/802.11i and often requires a
    hardware upgrade to access points in order to accommodate it.

    The URL you cited is now somewhat dated. A more recent article is

    - H. Morrow Long, CISSP, CISM
       University Information Security Officer
       Director -- Information Security Office
       Yale University, ITS

    On Dec 14, 2004, at 11:13 PM, Servie Platon wrote:
    > Hi security gurus and FW experts alike,
    > I am just curious, which WPA algorithm is better? TKIP
    > or AES?
    > There is an article below that says WPA is better than
    > WEP for a number of reasons.
    > Now I am in the process of changing WEP in our
    > office's WRT54G router which is intended to hookup
    > some laptop and notebook PCs for mobile office users.
    > But my problem is I have no idea which one is better
    > TKIP or AES? And secondly, does WPA shared key mean
    > that I have to create a passphrase (i.e. diceware
    > list) to generate encryption? Will this be harder to
    > break as opposed to WEP which is easier?
    > We could not select WPA RADIUS or RADIUS because we
    > are but a small company and no RADIUS server in place.
    > Also,
    > access.shtml
    > gives some info on WPA in general. How do I enable
    > security enhancements in WPA as indicated in the URL
    > above?
    > Any thoughts and insights on how to secure our
    > company's WLAN through WPA would be highly
    > appreciated.
    > TIA,
    > Sincerely,
    > Servie


    firewall-wizards mailing list
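
On the passphrase question raised in the quoted message, an added example (not from either poster): in WPA-Personal the 256-bit pre-shared key is derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1, and that step is identical whether the AP is set to TKIP or AES. The SSID "office-wlan" and the six-word passphrase are constructed sample values; the "password"/"IEEE" pair is the test vector published in IEEE 802.11i.

```python
import hashlib
import math


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal pre-shared key (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same passphrase on a different network name
    # yields a different key. 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def diceware_bits(words: int, list_size: int = 7776) -> float:
    """Entropy in bits of `words` words drawn uniformly from a word list.

    7776 (6**5) is the size of a standard five-dice Diceware list.
    """
    return words * math.log2(list_size)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector.
    print("IEEE/password :", wpa_psk("password", "IEEE").hex())

    # Constructed sample values for a small-office AP.
    sample_ssid = "office-wlan"
    sample_phrase = "cleft cam synod lacy yr wok"
    print("sample PSK    :", wpa_psk(sample_phrase, sample_ssid).hex())
    print("same phrase, other SSID:",
          wpa_psk(sample_phrase, "office-wlan-2").hex())

    # The passphrase is the only secret input, so its entropy bounds the
    # strength of the key no matter which cipher protects the traffic.
    for n in (4, 5, 6, 7):
        print(f"{n} Diceware words = {diceware_bits(n):.1f} bits")
```
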
