Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES
From: H. Morrow Long (morrow.long_at_yale.edu)
To: Servie Platon <firstname.lastname@example.org>
Date: Wed, 15 Dec 2004 10:48:00 -0500
[Sorry for the mostly off topic (for Firewall Wizards) reply.]

Comparing TKIP and AES is similar to comparing apples
and oranges. One is a key mgt protocol (okay -- it is now
called a 'data confidentiality protocol'), the other (AES)
is an encryption method. You should compare AES with
DES (and triple-DES).

TKIP (Temporal Key Integrity Protocol) is a key management
protocol. It deals with how the symmetric 'session' key
or keys are initially created, changed over time, etc.
TKIP is not used in WPA2 except in backwards compatible
WPA mode by APs to support legacy WPA/TKIP clients. WPA2
in native mode uses CCMP (Counter-Mode/CBC-MAC Protocol)
as a 'data confidentiality' method instead of TKIP.

AES (Advanced Encryption System) is a variable bit
length symmetric digital encryption algorithm. It was
selected by NIST to replace DES as the symmetric
encryption scheme of choice for electronic transactions
and is based on Rijndael. It is one of the major changes
between WPA and WPA2/802.11i and often requires a
hardware upgrade to access points in order to accommodate it.

The URL you cited is now somewhat dated. A more recent article is

- H. Morrow Long, CISSP, CISM
University Information Security Officer
Director -- Information Security Office
Yale University, ITS
On Dec 14, 2004, at 11:13 PM, Servie Platon wrote:
> Hi security gurus and FW experts alike,
> I am just curious, which WPA algorithm is better? TKIP
> or AES?
> There is an article below that says WPA is better than
> WEP for a number of reasons.
> Now I am in the process of changing WEP in our
> office's WRT54G router which is intended to hookup
> some laptop and notebook PCs for mobile office users.
> But my problem is I have no idea which one is better
> TKIP or AES? And secondly, does WPA shared key mean
> that I have to create a passphrase (i.e. diceware
> list) to generate encryption? Will this be harder to
> break as opposed to WEP which is easier?
> We could not select WPA RADIUS or RADIUS because we
> are but a small company and no RADIUS server in place.
> gives some info on WPA in general. How do I enable
> security enhancements in WPA as indicated in the URL
> Any thoughts and insights on how to secure our
> company's WLAN through WPA would be highly
firewall-wizards mailing list
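
Added example, not part of the original thread: in WPA/WPA2 pre-shared key mode the passphrase is stretched into the 256-bit key with PBKDF2-HMAC-SHA1 salted by the SSID, and that step is the same whether TKIP or AES is selected, so passphrase strength matters either way. The diceware estimate assumes a standard 7776-word list with words chosen at random; the SSID and passphrase in the demo are constructed.

```python
import hashlib
import math

DICEWARE_BITS_PER_WORD = math.log2(7776)  # 6**5 words in a standard diceware list


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pre-shared key from a WPA/WPA2 passphrase and SSID."""
    # 802.11i passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def diceware_bits(words: int) -> float:
    """Entropy in bits of a passphrase of randomly chosen diceware words."""
    return words * DICEWARE_BITS_PER_WORD


def diceware_words_for(target_bits: float) -> int:
    """Smallest number of diceware words reaching the target entropy."""
    return math.ceil(target_bits / DICEWARE_BITS_PER_WORD)


if __name__ == "__main__":
    ssid = "ExampleOfficeWLAN"                         # constructed SSID
    passphrase = "correct horse battery staple mango"  # constructed passphrase
    print("PSK:", wpa_psk(passphrase, ssid).hex())
    # The SSID is the salt: the same passphrase on another SSID gives another key.
    print("PSK (other SSID):", wpa_psk(passphrase, "OtherWLAN").hex())
    print("5 diceware words ~ %.1f bits" % diceware_bits(5))
    print("words needed for 80 bits:", diceware_words_for(80))
```
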