Re: First time home wireless - how to match PC to router - setup question

On Sun, 10 Jun 2007 17:05:23 GMT, Julie Bove wrote:
> On 10 Jun 2007 14:29:57 GMT, Eirik Seim wrote:
>
> > The abbreviations are mostly the same, the main difference is
> > that some vendors think "Personal" is a better word than PSK,
> > or 'pre-shared key'.
>
> Wow! Why didn't the world provide me this secret decoder ring *before* I
> confusified myself and everyone else! LOL!
>
> Seriously, before you, I hadn't known that "Security Mode = WPA2 Personal"
> on my Cisco router is actually the same thing as "Network Authentication =
> WPA2-PSK" in my patched Windows XP PC. Am I the only one to not get with
> the program?

I first ran into the "personal" and "enterprise" terms while
configuring my girlfriend's new iBook a year ago. I had no idea
what they really meant, and I had worked professionally with
wireless networks for a few years... so no, you're not the only
one.

> While this hidden 1:1 translation knowledge simplifies things greatly, I
> wonder aloud whether the same kind of inverted translational logic applies
> to the encryption algorithm too???
>
> For example, I've set my corresponding router & windows settings to:
> a. ROUTER: WPA Algorithms = TKIP+AES
> b. WINXP: Data Encryption = TKIP
>
> The convoluted reason I did this was that I was told TKIP is better but
> having TKIP plus AES "seemed" more secure to me. Am I ditzing out again?
>
> Or should I have just chosen a router "wpa algorithm" of TKIP and a Windows
> XP "data encryption" of TKIP?
>
> Does setting the router to "TKIP+AES" buy me anything over setting the
> router to just "TKIP"?

I think a quick and dirty history lesson is in order... :)

First came 64-bit WEP, then 128-bit WEP, both of which were
more than reasonably flawed. The chosen way of implementing
WEP allowed an attacker to deduce the key after a certain
amount of sniffed traffic.

To fix this, WPA emerged as an interim solution until the
industry could agree on something better. That version was
more or less WEP with dynamic keys and integrity checking.
The protocol WPA uses for managing the dynamic keys is called
TKIP.

Then came WPA2, or 802.11i, where the older RC4 encryption
algorithm was replaced by AES. AES is widely regarded as
stronger than RC4. WPA2 was designed to use 802.1x authentication
(what is commonly called "Enterprise"; requires quite a bit
more administration and an authentication server), and also
the less secure PSK mode ("Personal", pre-shared key). TKIP
is still supported, but AES does the same job better.

So in the end, if you are running a business and/or have
a server that could be used for issuing 802.1x certificates
and as a suitable authentication server (RADIUS, et al), I
would recommend WPA2 with 802.1x (sometimes referred to as EAP).

And if you're in a regular home with no dedicated or suitable
servers, go for the WPA2 with AES and PSK. No TKIP. Choose a
long and complex (@¤!#", etc) key, put it on a memory stick
and use copy and paste to configure every client computer.

- Eirik