
TKIP vs AES

Discussion in 'Networking & Security' started by hat, Dec 9, 2010.

  1. hat

    I currently use AES encryption, as it's the only one that hasn't been cracked (WEP and TKIP being the alternatives). Apparently, WEP is generic and can be hacked into by just about anyone who cares to know how. TKIP has been recently cracked, but how easy is it to get in to?

    This is for my home wireless network. I'm not too worried about getting hacked, even if I left it unsecured.

    *I do broadcast my SSID. I didn't for quite some time, but it always seemed to bring up connectivity issues. My mom has a laptop for work and she takes it all over the place and there's a list of previously accessed wireless networks in that thing about a mile long, but she does come here and use my network sometimes. For some reason, with SSID broadcasting disabled, I had to re-configure the settings for my network so she could get access. Nothing would change on my end. For this reason I leave SSID broadcasting on to avoid this issue.

    *I have a MAC address filter set up. Only my mom's desktop, which stays here, and my mom's laptop can access my network, regardless if someone knows the password or not. This leads me to believe that even if I left my network unsecured, I wouldn't actually get anyone accessing my network: the worst anyone could do is packet sniffing.

    Looking at AES and TKIP, it looks like TKIP is a lot less resource intensive than AES. I want to use the less resource intensive TKIP encryption so as to not swamp my router with the intensive AES encryption. As previously mentioned, I know TKIP has been hacked, but how easy is it to get in to?

    tl;dr I want to use TKIP instead of AES because it's less resource intensive, but should I be worried about the decreased security?
     
  2. streetfighter 2

    I'm not personally. It depends how paranoid you are though.

    http://arstechnica.com/tech-policy/...e-wifi-crack-puts-further-pressure-on-wpa.ars

    I tend to think of wireless security on a more fundamental level:
    Are there a lot of people in range of your wireless network?
    Are you in an area likely to be wardriven?
    Do you transact a lot of sensitive and unencrypted data on the network?
    Do you like pistachios salted or not?
     
  3. hat

    I live in an apartment complex.
    Folks is poor around here... and we're starting to see signs of the "creeping death"... that is, the ghetto is spilling over into this neighborhood. I guess people would be looking for free internet around here, but there's also tons of unsecured networks, so I reckon those people would target the unsecured networks rather than mine.
    Not really. I'm more worried about somebody packet sniffing a credit card number from a Paypal transaction and other things of that nature. The only shared files I have on my network are literally my "dc" folder (holds WCG and FAH on one machine) and my Quake folder (same machine, makes for easy modification of files through network file sharing).
    Definitely salted when I get them, but I haven't had any in some time.
     
  4. IggSter

    I wouldn't be worried about someone sniffing your credit card details as in most cases that connection is encrypted also, so even if someone manages to break into your wifi, they would only see an encrypted data stream.

    One of the best counters is actually to refresh your wifi key on a weekly basis - a bit of a PITA to change the clients but worth the effort IMHO.

    Another suggestion would be to use some form of 3rd party authentication (if your router supports it) such as TACACS or RADIUS.

    http://freeradius.org/
     
  5. garyinhere

    The easiest way to get around this imo and this is also what i do, is to go to wal-mart and purchase a visa prepaid credit card. It will only have the amount of money on it that you load to it. I leave mine empty until ready to make a purchase on new egg. You can also tie the card into your PP account and if it gets compromised just cut it up and buy another... I've been using the same card for over a year with no worries about my info being stolen! Plus you don't run into credit card debt because you can only spend what you load on it:toast:
     
  6. mrhuggles

    erm, i think that AES might not be as bad as you think, generally it uses hardware acceleration, it shouldn't be slower unless your hardware uses a purely software implementation, like if it didn't support it but support was later haxed in via a patch or something? maybe... that's why WPA2 is so much faster than WPA usually, WPA was more of a software thing and then WPA2 was a nice hardware change, am i wrong about that? I'm pretty sure i read it somewhere...
     
  7. slyfox2151

    turning off SSID broadcast does nothing at all to stop hackers. it just stops it from being displayed on windows... a simple program will still see the SSID.

    good luck breaking into a WPA network....
    mac address blocking won't stop a hacker... he will just change his mac address to be the same as the laptop and bam.. he has internet.
     
  8. hat

    Resource intensive on the router, I meant.

    How would he get my MAC address?
     
  9. mrhuggles

    is it really resource intense? i can't notice a difference on my WHR-HP-GN, that's 400mhz tho, but also i couldn't tell any difference on my old WRT54G v2 and that was only 200mhz, generally on the WRT54G i used OpenWrt and on the WHR-HP-GN i use DD-WRT
     
  10. slyfox2151

    the laptop would send out its mac address when it's connected to the router.
     
  11. AsRock

    I used a program called Wireless Monitor as it was the only one I could find that worked with my lappy and that would give you people's mac addresses. Also it will show you the SSIDs too.
     
  12. Fourstaff

    From what I know, if you set a simple protection it will deter most from stealing your internets, if you set a strong protection it will prevent that bored kid over the corner from gaining access, and nothing will stop a determined hacker.

    Bottom line: don't worry too much.
     
  13. qubit

    @hat: Why not use WPA2? This has not been hacked into AFAIK

    @streetfighter 2: I like my pistachios salted. This is terribly important. :D
     
  14. Mussels

    pro tip: cut back the signal strength, and they can't hack it.

    if router has no options to do that, use tinfoil over the router's aerial XD

    btw i see some confusion: the actual encryption methods available are:

    None:
    WEP: basically none :p
    WPA aka WPA1: tougher to crack, but can be done given time (days of packet sniffing/forced injection)
    WPA2 (tough)

    AES and TKIP are just sub settings for those. WPA2 with TKIP is the best, iirc.

    MAC addy blocks are worthless, as you can spoof the mac addy you see sending the data when you do the sniffing. it won't even slow a hacker down.
     
  15. RejZoR

    I can't think of any reason not to use AES. Routers are designed to use it and I can assure you you can't tell a difference between an unencrypted router and a router using AES. So, just AES and live a peaceful life.
     
  16. streetfighter 2

    I see some confusion-- The actual encryption methods are:
    AES
    RC4

    Wi-Fi Alliance Certifications:
    WPA
    WPA2

    The protocols:
    WEP -> Uses RC4
    TKIP - Mandatory in WPA & WPA2 spec -> Uses RC4 (AES is not mandatory in the spec)
    CCMP - Mandatory in WPA2 spec -> Uses AES
     
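An added example, not part of any post in this thread: the WEP/TKIP/CCMP breakdown in the post above is what an access point actually advertises in its beacon, so the router's "TKIP" or "AES" setting can be checked from the beacon's tagged parameters. The sketch below parses the RSN element (WPA2) and the legacy WPA vendor element and flags the RC4-based protocols; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Cipher suite type (last octet of the 4-byte selector); same numbering under
# the RSN OUI 00-0F-AC (WPA2) and the legacy WPA OUI 00-50-F2.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")
WEAK = {"WEP-40", "WEP-104", "TKIP"}  # the RC4-based protocols listed above

def _suites(body, oui):
    """Return (group, [pairwise]) from an element body starting at the version field."""
    def name(sel):
        return CIPHERS.get(sel[3], "unknown") if sel[:3] == oui else "vendor"
    group = name(body[2:6])
    (count,) = struct.unpack_from("<H", body, 6)
    if len(body) < 8 + 4 * count:
        raise ValueError("truncated cipher suite list")
    return group, [name(body[8 + 4 * i: 12 + 4 * i]) for i in range(count)]

def audit(tagged):
    """Walk 802.11 tagged parameters and report the ciphers of each security element."""
    out, i = {}, 0
    while i + 2 <= len(tagged):
        tag, length = tagged[i], tagged[i + 1]
        body = tagged[i + 2: i + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element")
        if tag == 48 and length >= 8:                  # RSN element: WPA2
            out["WPA2"] = _suites(body, RSN_OUI)
        elif tag == 221 and length >= 12 and body[:4] == WPA_OUI + b"\x01":
            out["WPA"] = _suites(body[4:], WPA_OUI)    # vendor element: WPA1
        i += 2 + length
    return out

def weak_findings(report):
    """List every mode:cipher pair that still relies on RC4."""
    return sorted({f"{mode}:{c}" for mode, (group, pairwise) in report.items()
                   for c in [group, *pairwise] if c in WEAK})

# Constructed sample: SSID "home", then a WPA2 mixed-mode RSN element
# (group cipher TKIP, pairwise CCMP and TKIP, PSK key management).
SAMPLE = bytes.fromhex(
    "0004686f6d65"
    "3018" "0100" "000fac02" "0200" "000fac04" "000fac02"
    "0100" "000fac02" "0000")

if __name__ == "__main__":
    print(audit(SAMPLE), weak_findings(audit(SAMPLE)))
```

A network set to CCMP only returns an empty findings list; a mixed-mode network still shows TKIP as the group cipher even though clients may negotiate CCMP for unicast traffic.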
  17. newtekie1

    Use TKIP, hell use WEP. Yes they are both easily hackable but most won't even bother because they can just drive a few doors down and find an unsecured access point and get on that. You aren't a company so your wireless network is a low target.

    And MAC filtering is probably the most useless protection ever. It is insanely easy to spoof a MAC address, and they don't even have to crack the encryption to figure out what MAC address the packets are coming from.
     
  18. RejZoR

    That's not true. Even if you're just an individual, it's still smart to use max possible security.
    Either you don't want anyone to sniff your online shopping info or worse, download for example child pr0n through your connection. In the end you'll be prosecuted. So don't take wireless security too easily. Just use WPA2 AES and just forget about any possible worries.
     
  19. kuroikenshi

    Rather related to this... I'm a bit perturbed at the amount of wireless devices that can connect to a wireless network ONLY if the SSID is being broadcast.

    Why can't they work in the ability to connect to that network even if it's not being broadcast? :banghead:

    Also granted that some of these encryptions are easy to break, for the most part having SOME type of security is enough of a deterrent for most people who just want quick easy access to the internet.
     
  20. qubit

    I see that I was obviously one of the confused. Cleared that up nicely for me now. :D
     
  21. newtekie1

    No not really. As I said, MAC address filtering is just a waste of time and CPU power on a router, because it is so easily spoofed.

    And TKIP will keep everyone off your network.

    Having maximum security at the expense of a slower connection due to an overloaded router isn't smart for an individual. The kiddy porn people aren't wasting time cracking security, they are just using the free connections that are already available to them.
     
  22. RejZoR

    What slowdown? I can't see any and i'm gaming online, downloading a lot and all. Maybe you'd notice it if you have many systems connected and you'd be using full LAN. But most of ppl use it to connect laptops wirelessly. AES is just a logical option and i really can't see a single reason not to use it. It's like deciding between a proper door lock (AES) and a wooden stick (TKIP) that's blocking it from the inside. What would you pick?
     
  23. Fourstaff

    His hardware is probably way weaker than yours, so you might not feel it but he will certainly get some performance boost.
     
  24. newtekie1

    Most consumer level routers cannot handle TKIP or AES without affecting the connection speed, AES being worse and showing a more noticeable effect. This only really applies if you have a connection that is faster than 30Mb/s though, and once you get up that high you aren't going to notice the difference unless you really pay attention. Most people won't be able to tell a 50Mb/s connection from a 20Mb/s connection. Pages to them will load instantly with either, so it will seem to be the same. The gaming online aspect doesn't really show that you aren't seeing any slowdown, because games don't need much faster than a 5Mb/s connection, the latency is more important there.

    And your analogy is a little exaggerated. You make it sound like TKIP is easily broken, that is far from the case. In fact it is still extremely difficult to crack and needs some seriously powerful hardware to do it. I believe the people that did it had to use a cluster of high end computers to pull it off. It isn't something that some guy driving down the road with a laptop is going to be able to pull off.

    Or my connection is faster than his...
     
  25. streetfighter 2

    I'm sorry to point it out, but this is a wildly inaccurate analogy... Unless this is the wooden stick you're talking about:
    [IMG]

    Have a look for yourself: http://arstechnica.com/tech-policy/...e-wifi-crack-puts-further-pressure-on-wpa.ars

    If someone was a fairly proficient programmer (and if properly motivated) they could write an exploit for TKIP and be limited to injecting tiny packets. In a few weeks they might be able to do some minor damage, but nothing that could truly compromise the network. No one has confirmed the ability to retrieve the WPA key.
     
    Last edited: Dec 10, 2010
