Discussion in 'General Discussion' started by Anonymous, Jul 23, 2005.

  1. Anonymous

    Anonymous Guest

    When configuring a simple (home) network built around a WRT54G, which is "more" secure: TPIK or AES? Any web sites that explain the diffs or tradeoffs?
  2. ReDFlaG

    ReDFlaG Network Guru Member

    AES offers the best security.
  3. littlewhoo

    littlewhoo Network Guru Member

  4. ReDFlaG

    ReDFlaG Network Guru Member

    Like AES is the best encryption algorithm, it is preferable to use it. So a TKIP solution that use RC4 is weaker than another one using AES.

    Is this statement correct littlewho?
  5. littlewhoo

    littlewhoo Network Guru Member

    Basically yes. But currently (and most likely also for the next few years) WPA-TKIP is still perfectly secure.

    WEP, which is using RC4 encryptione is not secure. But that's a implementation weakness of WEP and not a general probem of the RC4 algorithm.

    WPA-TKIP is also using the RC4 algorithm, but there are no known weaknesses. The only problem with WPA-TKIP is, that you can start dictionary/bruteforce attacks against the encryption. So the security depends on the length of the WPA passphrase. It's *strongly* recommended to use a passphrase with more than 24 characters. And it should be a secure passphrase randomly composed of small letters, capital letters, numbers, special characters...
    Don't use simple words or sentences. As you have to enter the passphrase only once, when setting up all wlan devices, there is no reason, why you shouldn't use the maximum possible length for the passphrase (afaik 63 or 64 characters). In this case a bruteforce attack on your passphrase with todays computers would certainly take more than a few billion years to succeed. :)

    WPA2 or WPA-AES using the AES Algorithm is even a little bit more secure - not only due to the better encryption algorithm, but also due to other changes in the security protocol.

    So while in theory WPA2/WPA-AES is more secure than WPA-TKIP, currently both security protocols can't be broken (if you use a secure passphrase). And there is no indication, that this will change in the near future. So no need to worry, if your wlan devices only support WPA-TKIP, but not WPA2/WPA-AES.
  6. ReDFlaG

    ReDFlaG Network Guru Member

    Thanks for this clear explanation. :wink:

    Another question : what about radius? i've setup an IAS server (the microsoft radius), so this bring another level of protection : using certificate to authenticate clients.

    But does this have to see with encryption? (does it modify the way data are encrypted)? I'm not sure about it.
  7. jagboy

    jagboy Network Guru Member

  8. littlewhoo

    littlewhoo Network Guru Member

    No, WPA is still perfectly secure. Please read the whitepaper from the authors of this WPA cracking tool:

    This tool is only running a bruteforce attack on WPA. And that's the issue, I already explained above. A short passphrase can easily be broken, if you have enough ressources. But currently there is no way to break a longer, secure WPA passphrase in a reasonable time. Not even with the fastest computer in the world.
    A passphrase of 24 random chracters can be considered secure. And you have the possibility to choose passphrases up to 63 (or 64) characters!

    This WPA cracking tool can test about 60 passphrases per second on a fast SP Athlon system.

    So lets see, how long it will take on average to break a WPA passphrase of a given length. Assuming, this is a passphrase, using only letters and numbers (26+26+10=62 possible characters):

    passphrase length | numer of combinations | avg. time to crack

    5 | 916132832 | 88 days

    10 | 839299365868340224 | 221783402 years

    15 | 768909704948766668552634368 | 203183056651859955 years

    20 | 7,0442342554699802296833026461637e+35 | 186142669104884899524440392 years


    get the picture? And you see, that it wouldn't even make a difference, if you would use a supercomputer, that is a million times faster than todays computers.
    Of course, if you use a passphrase, that can be found in a dictionary, the protection can be cracked easily, because you have only to test a few hundred thousand combinations, which can be done in a few hours.

    So WPA is only as secure as your passphrase. And btw., you can run a similar bruteforce attack on WPA2.
  9. jagboy

    jagboy Network Guru Member

    the whole point of my last post was to prove that wpa has been cracked but the crack tool might not be effective on a long passphrase but can work on a short one.
    but thanks for the essay (explanation) :D

    btw any comments on wrtbwlog :D
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice