Most modern Wi-Fi home networking equipment supports WPA wireless security (and often the newer, improved WPA2). When setting up your network with WPA, you will see several options to choose from, typically including a choice of encryption method - AES or TKIP. Which one of these is better?
→ More - Securing Your Wireless Network - Encryption and Authentication (netsecurity.about.com)
AES offers stronger encryption technology and is the right choice (assuming all of the devices on your network support it). However, TKIP is also strong and tends to be supported by more equipment on the market. Either is far preferable to using no encryption at all, but consider AES first and TKIP as a reasonable backup option.
→ See Also - Top 10 Tips for Wireless Network Security→ More - Securing Your Wireless Network - Encryption and Authentication (netsecurity.about.com)
Now, with the checksum weakness discovered in TKIP, AES is the clear choice for best security.
See also About.com Network Security coverage of the recent crack – WPA Encryption Cracked
This title should read either “AES vs. RC4″ or “CCMP vs. TKIP.” The former are encryption methods; the latter are protocols. (CCMP uses AES, etc.) Similarly, the text mixes these distinctions up.
Hate to disagree, but the title is perfect the way it is. Those are the two choices given when setting up a router/card. A green installer doesn’t care if one of them is a breed of pumpkin, he just wants to know which choice to make.
I agree with him the tittle is perfect you just want to through around that you know some thing start your own blog!
Technical accuracy matters if you want to learn about stuff.
I thought it was valuable of dp to point out the difference between protocol and encryption.
For many people, who don’t care to learn about stuff and just want it to work, it is worthless information, but I certainly appreciated it. So, thanks, dp.
The way it is stated is correct. But all points are valid. I agree with the pretense that we read to learn. it sends me to a reference on occasion, but when I’m through, I’ve got it.
I wholeheartedly agree with peej – technical accuracy does matter but we all are sometimes loose with our language – look at Bradford’s comment: he uses English words but juxtaposes them with little sense! He should restrict himself to tittle sentences without titles.
@peej
+1
TKIP Protocol plus AES encryption is the way to go for now.
If you are using a “point to point” link you can greatly increase security by using a directional antenna.
The best wireless security is by not having hackers get interested in your signal.
@ Gordon James
“The best wireless security is by not having hackers get interested in your signal.”
Wrong. Security by obscurity is never a good idea, despite the fact that most people seem to mix them up frequently.
@ J
“Security by obscurity is never a good idea…”
Every “layer” of security helps.
bottom line if someone wants in they will get in its just like a lock on your front door if a thief wants in the thief will get passed it
Just tested throughput with iperf and wanted to share my results:
WPA2 PSK AES : 22.2 Mbps
WPA2 PSK TKIP : 20.9 Mbps
no wifi security: 22.2 Mbps
I was having issues with my wireless adapter repeatedly dropping connectivity [an older linksys usb adapter] I identified my network was configured for AES, changed to TKIP and seems to be maintaining connectivity better.
The brand new Nook 2nd Edition, launched in June 2011, does not support AES but does support TKIP. Go figure.
Well I have another problem. Ruckus wireless doesn’t appear to support N technology with TKIP, but set to AES clients connectivity is very iffy, through put can be fast or none exsistant. Don’t you just love wireless….
Also important to note: strain of Pumpkin vs breed of Gerbil, not breed of Pumpkin.
You can get carried away with making things so specific to the point where, it has no significant/understandable relevance to practical implementation.
Communication technologies combine so many diverse layers/protocols/encryptions/encapsulations/etc. that ways of understanding them in practical scenarios, simply, workably and quickly, require ‘mashing’ distinguishable levels into several, simpler groups.
I.T. is a collaboration not a difficult language. If it becomes too difficult, it will die.
Simple sells!
My old Linksys WRT54G wireless security setup page states:
“WPA Pre-Shared Key: There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.” (No further information is given.)
They certainly appear to be recommending TKIP over AES. This leads me to believe that the “AES” used by this router is different than the AES-CCMP used by WPA2 capable routers.
This title is perfect for noobs such as my self… Lead me straight to the info i was after and as a previous comment said, it relates to the options given.
Just my opinion.
Things have moved on since the original blog comment was made 3.5 years ago (don’t forget that at least 50% of the internet is out of date and the percentage is growing
)
TKIP was deprecated by the IEEE in January 2009.
The WiFi-Alliance proposed banning TKIP on all new devices from 2012
http://www.zdnet.com/blog/hardware/wi-fi-alliance-to-dump-wep-and-tkip-not-soon-enough/8677
Right on Simon says,everyone pokin round in here ought know they cant even type this stuff b4 its obsolete. Best security???? WOW my head b splittin now. What ya say we reconnect the cord. Only thing I can ever remember hacking it was wire cutters!
My problem is that Win 7 won’t let me use AES only TKIP although the router is set for AES (both on WPA2).
I haven’t changed any settings on my Netgear DGND3700 router that I wasn’t sure about.
Although the connection still works it’s heaps slower than it was when I had to reset the router.
Can anyone help with this Win 7 issue.
Thanks
@pdomo
look for the properties from ur connection change it to AES settings from the security tab it should help
when switch to tkip laptop doesn`t work and nook work, swith to aes laptop work nook doesn`t work..Why?
@70decilon It is actually advanced encryption standard not system. Just to clear it up.
@Lemmings Dude this is what we hackers like. Perfection of the electronic art and to direct people towards the path of knowledge and infinite wisdom. Learning is far better for the human race than ‘selling’. Come on man. We’re supposed to motivate individuals to achieve greatness, peace, and the power of the force, not money man.
@Student2^32-1 agreed halfheartedly
@Lemming agreed wholeheartedly
I agree with dp and peej; both have very good points. Technical information should be clear and informative. It doesn’t have to be difficult, but misinforming people creates confusion. An article aimed at clarifying a subject should strive to contain accurate information. Details such as AES (CCMP) versus RC4 (TKIP) are vital to curbing misleading information disseminated by commercial product interfaces and create a more knowledgeable end-user.
Thank you Rufus, could not have said it better