
AES vs TKIP for Wireless Encryption

By Bradley Mitchell, August 21, 2008


Most modern Wi-Fi home networking equipment supports WPA wireless security (and often the newer, improved WPA2). When setting up your network with WPA, you will see several options to choose from, typically including a choice of encryption method - AES or TKIP. Which one of these is better?

AES offers stronger encryption technology and is the right choice (assuming all of the devices on your network support it). However, TKIP is also strong and tends to be supported by more equipment on the market. Either is far preferable to using no encryption at all, but consider AES first and TKIP as a reasonable backup option.

Comments
November 7, 2008 at 4:09 pm
(1) Pete says:

Now, with the checksum weakness discovered in TKIP, AES is the clear choice for best security.

November 9, 2008 at 1:55 am
(2) compnetworking says:

See also About.com Network Security coverage of the recent crack – WPA Encryption Cracked

November 19, 2008 at 6:18 am
(3) dp says:

This title should read either “AES vs. RC4” or “CCMP vs. TKIP.” The former are encryption methods; the latter are protocols. (CCMP uses AES, etc.) Similarly, the text mixes these distinctions up.

July 10, 2009 at 1:01 am
(4) Rufus says:

Hate to disagree, but the title is perfect the way it is. Those are the two choices given when setting up a router/card. A green installer doesn’t care if one of them is a breed of pumpkin, he just wants to know which choice to make.

September 29, 2009 at 6:16 pm
(5) Bradford says:

I agree with him the tittle is perfect you just want to through around that you know some thing start your own blog!

December 12, 2009 at 5:46 am
(6) peej says:

Technical accuracy matters if you want to learn about stuff.
I thought it was valuable of dp to point out the difference between protocol and encryption.

For many people, who don’t care to learn about stuff and just want it to work, it is worthless information, but I certainly appreciated it. So, thanks, dp.

December 30, 2009 at 7:39 am
(7) Dave says:

The way it is stated is correct. But all points are valid. I agree with the pretense that we read to learn. It sends me to a reference on occasion, but when I’m through, I’ve got it.

December 30, 2009 at 8:29 am
(8) Jim says:

I wholeheartedly agree with peej – technical accuracy does matter but we all are sometimes loose with our language – look at Bradford’s comment: he uses English words but juxtaposes them with little sense! He should restrict himself to tittle sentences without titles.

February 7, 2010 at 8:59 am
(9) gnee says:

@peej
+1

June 9, 2010 at 12:14 pm
(10) Gordon James says:

TKIP Protocol plus AES encryption is the way to go for now.

If you are using a “point to point” link you can greatly increase security by using a directional antenna.

The best wireless security is by not having hackers get interested in your signal.

October 13, 2010 at 5:55 pm
(11) J says:

@ Gordon James

“The best wireless security is by not having hackers get interested in your signal.”

Wrong. Security by obscurity is never a good idea, despite the fact that most people seem to mix them up frequently.

February 17, 2011 at 4:06 pm
(12) Dave says:

@ J

“Security by obscurity is never a good idea…”

Every “layer” of security helps.

March 12, 2011 at 9:06 pm
(13) dhb2900 says:

Bottom line: if someone wants in, they will get in. It’s just like a lock on your front door: if a thief wants in, the thief will get past it.

April 16, 2011 at 11:52 am
(14) Vince says:

Just tested throughput with iperf and wanted to share my results:

WPA2 PSK AES : 22.2 Mbps
WPA2 PSK TKIP : 20.9 Mbps
no wifi security: 22.2 Mbps

May 14, 2011 at 6:38 pm
(15) Tom says:

I was having issues with my wireless adapter repeatedly dropping connectivity (an older Linksys USB adapter). I identified my network was configured for AES, changed to TKIP, and it seems to be maintaining connectivity better.

June 20, 2011 at 5:43 pm
(16) FromtheRight says:

The brand new Nook 2nd Edition, launched in June 2011, does not support AES but does support TKIP. Go figure.

July 26, 2011 at 6:39 am
(17) George says:

Well, I have another problem. Ruckus wireless doesn’t appear to support N technology with TKIP, but set to AES, client connectivity is very iffy; throughput can be fast or nonexistent. Don’t you just love wireless….

October 18, 2011 at 6:25 pm
(18) Lemming says:

Also important to note: strain of Pumpkin vs breed of Gerbil, not breed of Pumpkin.

You can get carried away with making things so specific to the point where, it has no significant/understandable relevance to practical implementation.

Communication technologies combine so many diverse layers/protocols/encryptions/encapsulations/etc. that ways of understanding them in practical scenarios, simply, workably and quickly, require ‘mashing’ distinguishable levels into several, simpler groups.

I.T. is a collaboration not a difficult language. If it becomes too difficult, it will die.

Simple sells!

January 17, 2012 at 9:25 pm
(19) 70decilon says:

My old Linksys WRT54G wireless security setup page states:

“WPA Pre-Shared Key: There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.” (No further information is given.)

They certainly appear to be recommending TKIP over AES. This leads me to believe that the “AES” used by this router is different than the AES-CCMP used by WPA2 capable routers.

January 21, 2012 at 5:38 pm
(20) Dover says:

This title is perfect for noobs such as myself… Led me straight to the info I was after and, as a previous comment said, it relates to the options given.
Just my opinion.

January 23, 2012 at 4:01 am
(21) Simon_UK says:

Things have moved on since the original blog comment was made 3.5 years ago (don’t forget that at least 50% of the internet is out of date and the percentage is growing ;) )

TKIP was deprecated by the IEEE in January 2009.

The WiFi-Alliance proposed banning TKIP on all new devices from 2012
http://www.zdnet.com/blog/hardware/wi-fi-alliance-to-dump-wep-and-tkip-not-soon-enough/8677

March 19, 2012 at 10:28 pm
(22) ewoo_stressed says:

Right on Simon says,everyone pokin round in here ought know they cant even type this stuff b4 its obsolete. Best security???? WOW my head b splittin now. What ya say we reconnect the cord. Only thing I can ever remember hacking it was wire cutters!

June 2, 2012 at 1:45 am
(23) pdomo says:

My problem is that Win 7 won’t let me use AES only TKIP although the router is set for AES (both on WPA2).
I haven’t changed any settings on my Netgear DGND3700 router that I wasn’t sure about.
Although the connection still works it’s heaps slower than it was when I had to reset the router.
Can anyone help with this Win 7 issue.
Thanks

June 14, 2012 at 1:27 am
(24) AlHeldezCZ says:

@pdomo

Look for the properties of your connection and change it to the AES settings from the security tab; it should help.

July 23, 2012 at 7:36 pm
(25) claude_Florida says:

When I switch to TKIP, the laptop doesn’t work and the Nook works; switch to AES, the laptop works and the Nook doesn’t work. Why?

October 3, 2012 at 11:59 pm
(26) Student2^32-1 says:

@70decilon It is actually advanced encryption standard not system. Just to clear it up.
@Lemmings Dude this is what we hackers like. Perfection of the electronic art and to direct people towards the path of knowledge and infinite wisdom. Learning is far better for the human race than ‘selling’. Come on man. We’re supposed to motivate individuals to achieve greatness, peace, and the power of the force, not money man. :)

January 1, 2013 at 1:48 pm
(27) deej says:

@Student2^32-1 agreed halfheartedly :)
@Lemming agreed wholeheartedly :)

March 18, 2013 at 9:02 am
(28) db says:

I agree with dp and peej; both have very good points. Technical information should be clear and informative. It doesn’t have to be difficult, but misinforming people creates confusion. An article aimed at clarifying a subject should strive to contain accurate information. Details such as AES (CCMP) versus RC4 (TKIP) are vital to curbing misleading information disseminated by commercial product interfaces and create a more knowledgeable end-user.

March 23, 2013 at 5:02 am
(29) david r says:

Thank you Rufus, could not have said it better

August 14, 2013 at 9:19 am
(30) Jingo1 says:

“Wrong. Security by obscurity is never a good idea, despite the fact that most people seem to mix them up frequently.”

Wrong. Security by obscurity is an excellent deterrent for people who actually know how to configure a network.

Also, the title is misleading. TKIP and AES are not in the same field.

August 30, 2013 at 10:14 am
(31) pplauche says:

This was the information I needed to connect my printer/fax to my home office network. Thanks.

September 22, 2013 at 12:53 pm
(32) mfrog says:

Every technical comment has added to the value of this page. Please understand that there is no mistake in adding technical details, and it could go either in the comments or the title what users search for.
Now, two things conflict, by opposing opinions, best type of security. Obscurity / directional antenna is in fact the most effective step towards avoiding hackers, but the unanswered question is why might someone attempt to hack your network? If there is another reason beside driving down the road and picking up whatever random networks a hacker finds? If they are actually looking for your network, obscurity is merely a more difficult logistic barrier, not a true measure of security. To get true security, the encryption is necessary, so please don’t think you are in any way secure with an open network connected by directional antennas.

November 15, 2013 at 4:52 am
(33) Robot Hackathon Montréal 2012 - No pain says:

Very good post. I’m experiencing some of these issues as well..

February 13, 2014 at 12:22 pm
(34) Lyskar says:

For CCNA testing purposes, WPA2 with AES is the most secure; fewer devices support it, so other people use TKIP. Some routers offer both TKIP and AES.


©2014 About.com. All rights reserved.