Finding my WPA key...

[slyfox2151]

This is what I was objecting to in my earlier post. Correct me if I'm wrong but AES and TKIP are not mutually exclusive. For instance, I am currently using WPA with AES, which I believe still utilizes TKIP.

If I'm correct the use of "TKIP" or "AES" as the single defining characteristic of a wireless network is a misnomer. Hence my neologism, Certificate->Protocol-Encryption.

AFAIK... AES was not/is not supported by WPA... only WPA2, will have a look into it.

EDIT,
well after having a quick look in my router.... i can indeed set WPA to be TKIP or AES..... i can also set it to TKIP + AES




if i read what you said correctly, your implying setting AES or TKIP is what people set there security as without worrying about weather they use WPA or WPA2... if that is what you mean then i dont agree.... i find most people will set WPA2 as a default if they have SOME idea of what wireless security is and not change weather is AES or TKIP as they usualy have no idea what the difference is.

i also belive that WPA+AES is better/stronger then WPA2+TKIP.

WPA2+AES+TKIP being the best of all for home use.

 

[newtekie1]

AFAIK... AES was not/is not supported by WPA... only WPA2, will have a look into it.

EDIT,
well after having a quick look in my router.... i can indeed set WPA to be TKIP or AES..... i can also set it to TKIP + AES

As I understand it: TKIP is basically a software solution, implemented to allow old WEP hardware utilize a more secure method(basically allowing hardware designed for WEP only to use WPA). AES is hardware based. AES is more secure than TKIP and has less of an impact on the router's and PC's CPU, but TKIP is obviously more compatible. TKIP basically allowed hardware that didn't support WPA to work with the WPA protocol.

In terms of what WPA and WPA2 support, AES support was optional for WPA hardware, AES support was required for WPA2 hardware.

 

[slyfox2151]

As I understand it: TKIP is basically a software solution, implemented to allow old WEP hardware utilize a more secure method(basically allowing hardware designed for WEP only to use WPA). AES is hardware based. AES is more secure than TKIP and has less of an impact on the router's and PC's CPU, but TKIP is obviously more compatible. TKIP basically allowed hardware that didn't support WPA to work with the WPA protocol.

In terms of what WPA and WPA2 support, AES support was optional for WPA hardware, AES support was required for WPA2 hardware.

ah this would be why i thort AES was not supported on WPA. it is supported but it would be a router by router basis as its not requierd.

 

[streetfighter 2]

if i read what you said correctly, your implying setting AES or TKIP is what people set there security as without worrying about weather they use WPA or WPA2...

This is NOT what I am implying. In fact, I aint implying a damn thing . I'm asserting that if you use AES with WPA you're still using TKIP, you're just NOT using RC4. WPA2 uses CCMP and AES, though according to the WPA2 standard it still supports TKIP. AES is not mandatory in the WPA specification, but I have yet to find an adapter that supports WPA but not WPA+AES, and that includes several adapters that have no support for WPA2.

So if WPA2 uses CCMP-AES and some WPA networks use AES, what protocol is a WPA+AES network using?
I believe the answer is CCMP because apparently CCM is part of the AES standard. If this is the case then could we not say that WPA2->CCMP-AES=WPA->CCMP-AES?

In other words-
Assuming Certificate->Protocol-Encryption then:

WPA2->CCMP-AES​

Therefore:

WPA->_____-AES (Fill in the blank.)​

 

[1freedude]

May sound silly, but are you trying to log into the correct router? If you are connecting wirelessly, there is a slim chance you are not on your own router. I've done it...that's why I changed the default ip address (security too).

 

[slyfox2151]

WPA and WPA2 have 3 security components:

Authentication
Key Establishment
Datagram protection

Although there is a difference in Key Establishment between WPA and WPA2, you really don't care. In WPA2 we have it working faster and supporting pre-cached PSKs.

In datagram protection the choices are: TKIP with Michael (just called TKIP) and AES-128 in CCM mode (called AES or CCMP). Both are in WPA, but only TKIP is 'certified'. There were no changes in TKIP between WPA and WPA2. With CCM we cleaned up some issues that improves pipelining, but is not a change to the algorithm or the security boundaries.

In authentication, thee first choice is full 802.1X or Preshared keys (technically, the Key Exchange uses 802.1X KEY frames, so you are always engaging some part of 802.1X but this is quibbling).

In 802.1X there is the choice of EAP method and basically it comes down to 3 open methods: TLS, PEAP, or TTLS. Of course, both PEAP and TTLS have imbedded methods, so the is even another tree branch!

Vendors would do a great service to separate Authentication from datagram protection, as by munging it all together they confuse instead of simplify (as each vendor calls everything by different names!)

http://www.dslreports.com/forum/remark,12691890?


according to this guy there is no security difference between WPA-AES and WPA2-AES... only improvements to the pipeline, unless im missing somthing?

 

[digibucc]

May sound silly, but are you trying to log into the correct router? If you are connecting wirelessly, there is a slim chance you are not on your own router. I've done it...that's why I changed the default ip address (security too).

that's a really good point. I always try to be wired, but if adminning wirelessly, you have to make sure your on the right device.

 

[Bo$$]

CCMP encryption cannot be hacked as of yet