The encryption standards WPA2-AES and WPA2-TKIP are used on all modern routers, so we prepared a comparison to see which is better to protect our WiFi networks and passwords.
Having a Wi-Fi password that is secure and complex is essential. This way we can keep out possible intruders who are looking for a way into our accounts. But the key we choose is not the only thing that matters: there is also what is called encryption, and we have several options at our disposal.
What is WPA2?
The Wi-Fi Alliance developed Wi-Fi Protected Access 2 (WPA2) as a security certification program to secure wireless networks. It offers various encryption options depending on the type of your WiFi router. The most popular of them is WPA2-Personal, which is used by millions of devices in homes and small businesses. It provides two encryption modes, Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP), and a combination of both, AES + TKIP.
Is WPA2 secure? The history of wireless encryption in consumer devices
Before WPA2 and WPA, wireless routers and access points used the WEP standard, which basically relies on the RC4 cipher. With this method, all users of the wireless network share the same key and are thus vulnerable to attacks.
The next protocol, WPA-PSK, had a similar problem: the communication is encrypted, but with a common key. It used a secret password to encrypt, but once that password is cracked, all data and network packets can be monitored.
The next protocol was WPA2-PSK, which used a pre-shared key just like WPA-PSK. This was more secure, but still vulnerable.
We have WPA3 now, which is currently seen as the most secure option. So if possible, upgrade your WiFi routers and access points to the ones that support WPA3.
What is TKIP?
TKIP, or Temporal Key Integrity Protocol, was introduced in the early 2000s as a security measure to replace the older and inherently insecure Wired Equivalent Privacy (WEP) encryption standard that was widely used.
While TKIP was supposed to be at least relatively more secure than WEP, the standard was deprecated in the 2012 version of the 802.11 Wi-Fi standard after it was found to have security flaws that hackers can exploit without much difficulty. This is because TKIP uses the same underlying mechanism as WEP and is therefore equally vulnerable to attack.
However, some of the new security features of the WPA-PSK (TKIP) standard, such as hashing packets, broadcast keys, and sequence counters, meant that some of the weaknesses of WEP could be eliminated.
What is AES?
AES (Advanced Encryption Standard) is a set of ciphers with a block size of 128 bits and key lengths of 128, 192 or 256 bits, depending on the hardware. It is a much more secure protocol, replacing the old Data Encryption Standard (DES) protocol that was originally released in the 1970s.
In contrast to its predecessor, AES does not use a Feistel network and instead uses a design principle called the substitution-permutation network as the basis for the block cipher algorithm. While some cryptographers have occasionally provided evidence of alleged vulnerabilities in AES, all of them proved impractical or ineffective against a full AES-128 implementation.
TKIP or AES: Which one to choose?
Modern routers and access points allow you to choose between various encryption types to secure your WiFi network, but not all of them are going to be secure. That is why we are going to focus on the WPA2 passwords that use TKIP or AES in this article.
First of all, we want to recall the importance of correctly protecting our wireless networks. There are many types of attacks that intruders can use to break our security. That is why we must make use of tools and methods that can adequately protect us.
Having intruders on our networks can put our privacy and security at risk. Unwanted people may have access to other connected equipment and may be able to collect personal information, depending on the encryption type, method or protocol in use.
In addition, as we can imagine, it will also pose a problem for performance. The more computers that are connected to and using a network, the more problems with speed, quality and stability there may be. If we have intruders on our Wi-Fi, the speed can drop noticeably.
In short, protecting our wireless networks is fundamental, and we must always keep it in mind. Of course, we need to choose the key we are going to use correctly, as well as the type of encryption from the possibilities at our disposal.
TKIP vs AES passwords
Among the options that we can see when using Wi-Fi encryption, possibly the most used are WPA2-AES and WPA2-TKIP. It must be said that today they are the safest, since others such as WEP and WPA (both in their different variants) have become obsolete and there are different tools that allow them to be exploited. For this reason, using them is not recommended at present.
Now, the two types that we can consider safe are not equally secure. The ideal is to use WPA2-AES. It is the most reliable type of encryption. It uses the latest Wi-Fi encryption standard and the latest AES encryption.
TKIP encryption has been deprecated by the Wi-Fi Alliance. This means that new routers should not use it, as it is not considered fully secure today. Therefore, whenever possible we should avoid it.
WPA2-TKIP uses the modern WPA2 standard but makes use of old TKIP encryption. Hence, its use is not recommended today if we want to maximize the security of our networks.
We can say, then, that when choosing between the Wi-Fi encryption modes TKIP and AES, the safest option is AES. It is the one that will offer us the greater guarantee and have fewer security problems that can compromise our networks.
Keep in mind that there are also differences in speed. If we use WPA2-AES we will obtain better results, while WPA2-TKIP is slower when sending packets and receiving data. It is another factor that we must take into account, beyond security, which is logically the main one.
Why is TKIP vulnerable?
Cisco says that TKIP encryption is vulnerable to packet decryption by a possible attacker. But mind you, only the authentication key can be stolen by a hacker. So they won’t be able to reach the encryption key and thus reach our personal data. But with the auth key, they can log in to the network and then reach devices by using other methods.
Are there any compatibility issues?
However, keep in mind that on certain occasions it will be impossible to use WPA2-AES. The reason is that some older devices will not be able to connect to networks that use this more modern encryption and have to make use of WPA2-TKIP.
This is one of the disadvantages that we can find in certain situations. Some users are forced to use older encryption such as WPA2-TKIP in order to connect other computers.
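To see which of these modes a network actually advertises, the following added example (not part of the original article) parses the text printed by the Linux `iw dev <iface> scan` command and labels each network as AES-only, mixed AES+TKIP, or TKIP-only. The scan text is a constructed sample, the function name is hypothetical, and the code assumes AES is listed under its WPA2 name, CCMP.

```python
import re

# Constructed sample in the layout printed by `iw dev <iface> scan`
# (the BSSIDs and SSIDs are made up for this example).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: home-aes
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: home-mixed
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP CCMP
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: CCMP TKIP
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: legacy-tkip
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
"""

def audit_scan(text):
    """Return {ssid: verdict} from the ciphers each access point advertises."""
    results = {}
    # Each access point starts a new "BSS <mac>" record at column 0.
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", block)
        name = ssid.group(1).strip() if ssid else "<hidden>"
        ciphers = set()
        for line in re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block):
            ciphers.update(line.split())
        if "TKIP" in ciphers and "CCMP" in ciphers:
            verdict = "mixed AES+TKIP"  # in the sample, the group cipher is TKIP
        elif "TKIP" in ciphers:
            verdict = "TKIP-only"
        elif "CCMP" in ciphers:
            verdict = "AES-only"
        else:
            verdict = "no WPA/WPA2 cipher advertised"
        results[name] = verdict
    return results

if __name__ == "__main__":
    for ssid, verdict in audit_scan(SAMPLE_SCAN).items():
        print(f"{ssid}: {verdict}")
```

A network reported as mixed still accepts TKIP clients, so it carries the TKIP weaknesses described above even though AES is also offered.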