Wireless-ethernet bridge with WPA-PSK (AES) ?

Is there not a wireless-ethernet bridge ("gaming adapter") that supports
WPA-PSK (AES) ?

I've bought two from a local store only to return them because they don't do
AES. I told them I would keep purchasing and returning until the
manufacturers learn to put full specifications on the box. If they just
list WEP and WPA-PSK, HTF are you supposed to know if WPA-PSK is both TKIP
and AES?

Thought about ordering online, but I sent an email to a couple manufacturers
asking if specific bridges support AES but they babble talk and refuse to
give a clear answer. Probably because they don't have a clue.

What is WPA2? Is WPA2 the same thing as "WPA-PSK (AES)" ? Would I bridge
that says WPA2 on the box work with "WPA-PSK (AES)" ?

Thanks...

On Tue, 24 Feb 2009 12:00:10 -0500, "bc20" <bc20z020@hotmail.com>
wrote:

>Is there not a wireless-ethernet bridge ("gaming adapter") that supports
>WPA-PSK (AES) ?
>
>I've bought two from a local store only to return them because they don't do
>AES. I told them I would keep purchasing and returning until the
>manufacturers learn to put full specifications on the box. If they just
>list WEP and WPA-PSK, HTF are you supposed to know if WPA-PSK is both TKIP
>and AES?
>
>Thought about ordering online, but I sent an email to a couple manufacturers
>asking if specific bridges support AES but they babble talk and refuse to
>give a clear answer. Probably because they don't have a clue.
>
>What is WPA2? Is WPA2 the same thing as "WPA-PSK (AES)" ? Would I bridge
>that says WPA2 on the box work with "WPA-PSK (AES)" ?
>
>Thanks...

I believe dd-wrt supports WPA-PSK AES, in case you're willing to go
that route. That's what I would do.

On Tue, 24 Feb 2009 12:00:10 -0500, "bc20" <bc20z020@hotmail.com>
wrote:

>Is there not a wireless-ethernet bridge ("gaming adapter") that supports
>WPA-PSK (AES) ?

Yes. Any of the devices supported by DD-WRT firmware.

I don't have a list of game adapters that specifically mention
WPA2-PSK-AES. That's because most of the common game adapter were
introduced with firmware that does NOT support WPA2. However, they
also have firmware updates that usually supply the missing feature.

>I've bought two from a local store only to return them because they don't do
>AES.

Did you check the web sites for the unspecified hardware for updates
that might just support WPA2-PSK-AES ??

Which makes and models did you buy?

>I told them I would keep purchasing and returning until the
>manufacturers learn to put full specifications on the box.

Chuckle. I almost spilled my cup or herbal tea over that. Most of
the manufacturers are going out of their way to dramatically reduce
any technical descriptions, specs, or performance claims. I've been
fighting that battle for years with little success. Anyway, it's
considered good form to research the products online before shelling
out money. Try the wireless reviews at:
<http://www.smallnetbuilder.com/content/blogcategory/75/96/>

Let's see if the Linksys WGA54G does WPA2-Personal-AES. Looks like
v1.10 only does WEP:
<http://ui.linksys.com/files/WGA54G/1.10/Setup.htm>
I did some digging and found that the WGA54G v2 hardware supports
WPA2-TKIP but *NOT* WPA2-AES. Oddly, it claims that it requires v1.16
firmware, while the latest on the LinksysBuyCisco web pile is 1.10.
<http://www.amazon.com/review/R11ZS5JWOEDJXO>
So, you're right. No WPA2-AES for that game adapter which is not
surprising for firmware released in 2005.

>If they just
>list WEP and WPA-PSK, HTF are you supposed to know if WPA-PSK is both TKIP
>and AES?

You're right. It should be listed. However, WPA and WPA2 may have
been added after the initial firmware release.

>Thought about ordering online, but I sent an email to a couple manufacturers
>asking if specific bridges support AES but they babble talk and refuse to
>give a clear answer. Probably because they don't have a clue.

True. My favorite fun question is "What's the current version number
of the firmware?" They never seem to know that.

>What is WPA2? Is WPA2 the same thing as "WPA-PSK (AES)" ?

Yes. They're the same. PSK means "pre-shared key" which is sometime
called "WPA-Personal". AES is the "Advanced Encryption Something"
which is the new and improved encryption standard endorsed by the
federal bureaucracy. There's also authentication standards that came
with AES. See:
<http://en.wikipedia.org/wiki/Wpa2>

>Would I bridge
>that says WPA2 on the box work with "WPA-PSK (AES)" ?

Sorta. WPA2 will work with either TKIP encryption (as used with WPA)
or optionally AES. The optional is the key here. TKIP is a stream
cipher and is easily done in either hardware or software. AES is a
block cipher and is not so simple. AES was originally intended to be
done only in hardware. That's why it's optional. However, CPU
horsepower has improved sufficiently that AES can now be done easily
in software. The problem is that some manufacturers are reluctant to
revise firmware for products they no longer sell, resulting in no AES
support. It's also possible that they ran out of RAM/ROM needed to
implement AES. Hard to tell, but you will find devices that only do
WPA2-PSK-TKIP and NOT do WPA2-PSK-AES. Offhand, I can't think of any,
but I've seen them in the past.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

Apparently, AES is part of the WPA2 spefication, but some manufactuers
started using AES earlier in WPA1 in a "non standard" sort of way.

I need a bridge that can talk to an AP using WPA1-PSK-AES. I tried using
WPA2 on a bridge, but it doesn't work. After digging further, I read that
even though the encryption matches, WPA1 and WPA2 have different broadcast
flags. So, WPA1-PSK-AES will only talk to WPA1-PSK-AES... :(

And there is zero way of knowing if XYZ bridge does WPA1-PSK-AES because the
full specs aren't written on the web sites, let alone the box. Asking a
sales drone is also a waste of time too. They stare like a deer caught in
headlights...

On Thu, 26 Feb 2009 21:37:56 -0500, "bc20" <bc20z020@hotmail.com>
wrote:

>Apparently, AES is part of the WPA2 spefication, but some manufactuers
>started using AES earlier in WPA1 in a "non standard" sort of way.

None that I know of. Which product has WPA with AES? As far as I can
determine, WPA is only supplied with TKIP encryption.

>I need a bridge that can talk to an AP using WPA1-PSK-AES.

Why? I can guess, but I want to know what you're trying to accomplish
by specifying this non-existent mode of encryption and authentication.

Do you own the access point or wireless router that you're trying to
connect with? What make and model access point? If it's NOT yours,
then you're doing something wrong.

>I tried using
>WPA2 on a bridge, but it doesn't work.

Yes, I've seen that. Some bridge systems will only do WEP. DD-WRT
will do WPA-PSK-TKIP:
<http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge#WPA_.26_WPA2>
However, I had problems with disconnects when using WPA2-PSK-AES and
went back to WPA-PSK-TKIP

>After digging further, I read that
>even though the encryption matches, WPA1 and WPA2 have different broadcast
>flags. So, WPA1-PSK-AES will only talk to WPA1-PSK-AES... :(

Yep, but some access points and wireless routers have an algorithm
where it will accept connections from either TKIP or AES. For
example, the common DD-WRT firmware supports this mode. It supports:
"WPA2 Personal Mixed"
However, there is no option for WPA with mixed encryption methods. WPA
only does TKIP.

>And there is zero way of knowing if XYZ bridge does WPA1-PSK-AES because the
>full specs aren't written on the web sites, let alone the box. Asking a
>sales drone is also a waste of time too. They stare like a deer caught in
>headlights...

Yep. You're not going to get tech support or system engineering help
at a big box store.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

Found one that works. Linksys WET54G, H/W Version 3.1

The setup lists both TKIP and AES for WPA1. (It also has both for WPA2.)

Sure enough, when WPA1 is selected with AES, it connected fine, but when
WPA2 is selected with AES it doesn't connect.
Nor does it connect when TKIP is selected for either.

On Fri, 27 Feb 2009 23:32:19 -0500, "bc20" <bc20z020@hotmail.com>
wrote:

>Found one that works. Linksys WET54G, H/W Version 3.1
>The setup lists both TKIP and AES for WPA1. (It also has both for WPA2.)

Egads.... You're right. I checked the settings at:
<http://ui.linksys.com/files/WET54G/v3/2.07/index.htm>
Both AES and TKIP are offered in both WPA and WPA2. Amazing.

>Sure enough, when WPA1 is selected with AES, it connected fine, but when
>WPA2 is selected with AES it doesn't connect.
>Nor does it connect when TKIP is selected for either.

Chuckle. Usually it's TKIP that works every time in WPA2 mode, and
not AES. Now, it's backwards. Congratulations, maybe.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

"Jeff Liebermann" <jeffl@cruzio.com> wrote in message
news:m7rhq41legs6it9r53mfifjfph15njjopq@4ax.com...
> On Fri, 27 Feb 2009 23:32:19 -0500, "bc20" <bc20z020@hotmail.com>
> wrote:
>
>>Found one that works. Linksys WET54G, H/W Version 3.1
>>The setup lists both TKIP and AES for WPA1. (It also has both for WPA2.)
>
> Egads.... You're right. I checked the settings at:
> <http://ui.linksys.com/files/WET54G/v3/2.07/index.htm>
> Both AES and TKIP are offered in both WPA and WPA2. Amazing.
>
>>Sure enough, when WPA1 is selected with AES, it connected fine, but when
>>WPA2 is selected with AES it doesn't connect.
>>Nor does it connect when TKIP is selected for either.
>
> Chuckle. Usually it's TKIP that works every time in WPA2 mode, and
> not AES. Now, it's backwards. Congratulations, maybe.

Yeah, that emulator is also old as well. The newest software firmware has
both WPA and WPA2 in the drop down box. (Along with WEP, Radius, etc.)
AES/TKIP are selectable for both WPA and WPA2. The only combination that I
got it finally working with was WPA and AES.

I'm not sure what router or AP they were using at the place I needed the
bridge at. All I know is that it was a Linksys.

I have a AP at home that also does WPA1-PSK-AES. (It doesn't even have
WPA2). It is the DLink DWL-7100AP

If my reading was correct, AES was intended for WPA2, but some manufacturers
"snuck" it into WPA1 early, making WPA1-PSK-AES a proprietary "non standard"
?
Also read that even though the encryption matches with WPA2, there are major
differences with the other protocols, so the two (WPA1-PSK-AES and
WPA2-PSK-AES) can't talk to one another...

Ya'd think they (manufacturers) would have wanted to prevent confusion...
Oh well...

> I have a AP at home that also does WPA1-PSK-AES. (It doesn't even have
> WPA2). It is the DLink DWL-7100AP

http://support.dlink.com/emulators/d...WepParam0.html

On Sat, 28 Feb 2009 12:16:10 -0500, "bc20" <bc20z020@hotmail.com>
wrote:

>
>> I have a AP at home that also does WPA1-PSK-AES. (It doesn't even have
>> WPA2). It is the DLink DWL-7100AP
>
>http://support.dlink.com/emulators/d...WepParam0.html

Y'er right. Amazing. The data sheet at:
<http://www.dlink.com/products/resource.asp?pid=304&rid=1012&sec=0>
shows:
WPA - Wi-Fi Protected Access
(WPA - TKIP/AES PSK)

Ugh. I was wrong. WPA-PSK-AES is sorta kinda supported on DD-WRT:
<http://www.dd-wrt.com/wiki/index.php/Wireless_security#Preference_Summary>

You can use WPA + AES for higher security than TKIP, but only if
your devices support it (it is optional). For this reason it is not
very common. You also do not get the improved roaming features of
WPA2.

WPA + TKIP+AES provides a fallback in case AES is not supported by
a device in that it switches to the more common TKIP. The
disadvantage is that it might switch to TKIP unexpectedly but is
more backwards compatible if needed.

I still think it's a bad idea. My (second) guess is that there are
quite a few client radios and drivers that will not support the
WPA-PSK-AES mode.

Weird, totally weird. It kinda looks like some manufacturers had the
room to implement AES encryption, but ran out of horsepower or space
to implement the various WPA2 authentication methods.

Looking at the various home router certifications at:
<http://certifications.wi-fi.org/wbcs_certified_products.php?search=1&lang=en&filte r_category_id=1&listmode=1>
most of the common wireless routers are tested and certified for WPA
and WPA2 with an assortment of authentication protocols. However,
there's no detail on which combination of encryption protocols are
included in the test.
<http://www.wi-fi.org/certification_programs.php>
The associated "white paper" on the certification process only hints
that the testing follows 802.11i. So, grabbing 802.11i:
<http://standards.ieee.org/getieee802/download/802.11i-2004.pdf>
I'm blessed with 190 pages of heavy reading which is guaranteed to
turn my brain into mush. A quick search offers no mention of WPA or
WPA2, but the underlying protocols are described in excruciating
detail. Methinks I'll pass for now and leave this exercise for
another time when I'm awake and have more time.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <jeffl@cruzio.com> wrote in message
news:oo2jq4dpeq6lemvf76fae2koo21l0r32i2@4ax.com...
> On Sat, 28 Feb 2009 12:16:10 -0500, "bc20" <bc20z020@hotmail.com>
> wrote:
>
>>
>>> I have a AP at home that also does WPA1-PSK-AES. (It doesn't even have
>>> WPA2). It is the DLink DWL-7100AP
>>
>>http://support.dlink.com/emulators/d...WepParam0.html
>
> Y'er right. Amazing. The data sheet at:
> <http://www.dlink.com/products/resource.asp?pid=304&rid=1012&sec=0>
> shows:
> WPA - Wi-Fi Protected Access
> (WPA - TKIP/AES PSK)
>
> Ugh. I was wrong. WPA-PSK-AES is sorta kinda supported on DD-WRT:
> <http://www.dd-wrt.com/wiki/index.php/Wireless_security#Preference_Summary>
>
> You can use WPA + AES for higher security than TKIP, but only if
> your devices support it (it is optional). For this reason it is not
> very common. You also do not get the improved roaming features of
> WPA2.
>
> WPA + TKIP+AES provides a fallback in case AES is not supported by
> a device in that it switches to the more common TKIP. The
> disadvantage is that it might switch to TKIP unexpectedly but is
> more backwards compatible if needed.
>
> I still think it's a bad idea. My (second) guess is that there are
> quite a few client radios and drivers that will not support the
> WPA-PSK-AES mode.
>
> Weird, totally weird. It kinda looks like some manufacturers had the
> room to implement AES encryption, but ran out of horsepower or space
> to implement the various WPA2 authentication methods.
>
> Looking at the various home router certifications at:
> <http://certifications.wi-fi.org/wbcs_certified_products.php?search=1&lang=en&filte r_category_id=1&listmode=1>
> most of the common wireless routers are tested and certified for WPA
> and WPA2 with an assortment of authentication protocols. However,
> there's no detail on which combination of encryption protocols are
> included in the test.
> <http://www.wi-fi.org/certification_programs.php>
> The associated "white paper" on the certification process only hints
> that the testing follows 802.11i. So, grabbing 802.11i:
> <http://standards.ieee.org/getieee802/download/802.11i-2004.pdf>
> I'm blessed with 190 pages of heavy reading which is guaranteed to
> turn my brain into mush. A quick search offers no mention of WPA or
> WPA2, but the underlying protocols are described in excruciating
> detail. Methinks I'll pass for now and leave this exercise for
> another time when I'm awake and have more time.

Yeah, the whole WPA1-PSK-AES thing threw me off at first too. I also
thought that WPA1-PSK-AES was "WPA2", but it is its own animal...

The Sony PS3 and PSP, along with with Nintendo Wii, support WPA1-PSK-AES (in
addition to WPA2). WPA1-PSK-AES are given as a seperate option...

On Thu, 12 Mar 2009 07:59:14 -0400, "bc20" <bc20z020@hotmail.com>
wrote:

>Yeah, the whole WPA1-PSK-AES thing threw me off at first too. I also
>thought that WPA1-PSK-AES was "WPA2", but it is its own animal...
>
>The Sony PS3 and PSP, along with with Nintendo Wii, support WPA1-PSK-AES (in
>addition to WPA2). WPA1-PSK-AES are given as a seperate option...

I'm afraid you're right. Since you mentioned it, I've been looking at
various current wireless router wireless encryption setups and finding
that most of them now support WPA1-PSK-AES. Yet another defacto
standard. I haven't had time (or the intestinal fortitude) to read
through IEEE 802.11 docs to see if it's kosher.


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Thu, 12 Mar 2009 10:51:18 -0700, Jeff Liebermann <jeffl@cruzio.com> wrote:

~ On Thu, 12 Mar 2009 07:59:14 -0400, "bc20" <bc20z020@hotmail.com>
~ wrote:
~
~ >Yeah, the whole WPA1-PSK-AES thing threw me off at first too. I also
~ >thought that WPA1-PSK-AES was "WPA2", but it is its own animal...
~ >
~ >The Sony PS3 and PSP, along with with Nintendo Wii, support WPA1-PSK-AES (in
~ >addition to WPA2). WPA1-PSK-AES are given as a seperate option...
~
~ I'm afraid you're right. Since you mentioned it, I've been looking at
~ various current wireless router wireless encryption setups and finding
~ that most of them now support WPA1-PSK-AES. Yet another defacto
~ standard. I haven't had time (or the intestinal fortitude) to read
~ through IEEE 802.11 docs to see if it's kosher.

WPA1-AES is neither a standard per IEEE 802.11i nor per the Wi-Fi Alliance.
WPA1-TKIP is a Wi-Fi standard, and WPA2-TKIP and WPA2-AES are standard per
both IEEE and Wi-Fi.

Generally speaking, WPA1-AES showed up when hardware appeared that supported
AES, before the advent of supplicants that supported WPA2.

For example, Windows XP SP2 did not support WPA2 at FCS (you either needed
to add a hotfix such as 893357, or upgrade to SP3, to get WPA2.) However,
it did support WPA1-AES, if the hardware supported AES.

Among Cisco products, our "autonomous products" such as wireless routers
(871W, HWIC-AP) and APs (AP1131, AP1252, etc.) support WPA1-TKIP and
WPA2-TKIP/AES, but not WPA1-AES. However, our "centralized" solution
(lightweight APs running under control of a Wireless LAN Controller) do
support WPA1-AES as well as the others.

Aaron