1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

v1.28 WPA2 Personal TKIP/AES setting

Discussion in 'Tomato Firmware' started by gajtguy, Sep 26, 2010.

  1. gajtguy

    gajtguy Networkin' Nut Member

    Hi all. First post and probably a real easy one for you guys.

    In the new 1.28 firmware, under the WPA2 Personal mode there is a setting in the Encryption drop down for: TKIP, AES and then TKIP/AES. What is that last option?

    I assume it to mean "either TKIP or AES", but some of the devices I'm working with do not like that setting at all. When I set it to just AES, my device works just fine (Not a laptop or desktop). If it is truely either or, why do you think the device would not be able to attach to the network properly?

  2. gajtguy

    gajtguy Networkin' Nut Member

    Man I really thought someone would have an opinion on the matter. Is it that tricky of a question, or so dumb nobody feels like putting their name to the reply?
  3. TexasFlood

    TexasFlood Network Guru Member

    You want an opinion, :wink:. I don't know what it does. Why? Whenever I've used TKIP it's only been a major pain in my rear. If I have the choice of AES only, I'm not touching anything with TKIP.
  4. Kiwi8

    Kiwi8 LI Guru Member

    Dun use TKIP if all your devices support AES.
  5. rhester72

    rhester72 Network Guru Member

    TKIP/AES does exactly what you suspect - it's an "or". Whatever the device asks for, it will get, but bear in mind that TKIP is deprecated and has been partially cracked (and is completely unsupported on wireless N for that reason).

    If your device requests the capabilities of the WAP and doesn't understand the answer (it's only expecting one but gets two), that's an issue with your endpoint, and will obviously require you to either a) fix your endpoint or b) use one or the other.

    Since I'm unaware of any current devices not supporting AES, I'd strongly recommend sticking to that.

  6. ferdinand

    ferdinand Addicted to LI Member

    As Rodney said, the access point will allow devices to connect using either encryption mode.

    But since the WAP doesn't know when a device might ask for TKIP, the group key (for multicast) will always be TKIP. All devices asking for AES will have to do TKIP at the same time. That might be the source of your problems.

    I've used WPA/WPA2 TKIP/AES before and never had problems with any devices, but if all your devices can use AES, do follow Rodney's recommendation.
  7. gajtguy

    gajtguy Networkin' Nut Member

    Ok. The chipset we use currently only supports AES. So it's not purely an 'or' situation and the device is having trouble.

    I get it. Thanks guys.
  8. Azuse

    Azuse Addicted to LI Member

    The TKIP cypher got cracked a long time ago. You really shouldn't be using it if at all possible.
  9. GreenThumb

    GreenThumb Addicted to LI Member

    TKIP is not a cipher, it is a protocol. Both WEP and TKIP use RC4 as the cipher. The problem with both WEP and TKIP is they were not implemented properly and this left security holes. The RC4 cipher itself is secure, but if you don't implement it properly, you get all kinds of issues (as is the case with all kinds of crypto not done right).

    But, yeah, stick with WPA2/AES if at all possible.

Share This Page