
Poor router security puts your network at risk. While we know that running a tight ship starts with router security, what you may not know is some security settings may slow down your entire network.

The primary choices for router-based encryption are WPA2-AES and WPA2-TKIP. Today we’re going to talk a bit about each and show you why AES is the clear winner.

Introducing WPA

WPA – or Wi-Fi Protected Access – was the Wi-Fi Alliance’s response to the security vulnerabilities that riddled the WEP (Wired Equivalent Privacy) protocol. It’s important to note that this was never intended to be a full-on solution, but rather an interim choice that allowed users to keep their existing routers while upgrading from the relatively terrible WEP protocol and its notable security flaws.

While better than WEP, WPA had some security concerns of its own. The attacks generally weren’t a breach of the TKIP (Temporal Key Integrity Protocol) algorithm itself – which featured 256-bit encryption – but came through a supplementary system that shipped with the protocol called WPS, or Wi-Fi Protected Setup.

Wi-Fi Protected Setup was designed for easy device connectability, but released with enough security flaws that it fell out of favor, and began to fade into oblivion, taking WPA with it.


Currently, both WPA and WEP are retired, so we’re going to gloss right over those and instead talk about the newer version of the protocol, WPA2.

Why WPA2 Is Better

In 2006, WPA became a deprecated protocol and WPA2 replaced it.

The notable drop of TKIP encryption in favor of the newer, and more secure AES encryption (Advanced Encryption Standard) led to a faster, and more secure Wi-Fi network by moving to a real encryption algorithm rather than the stopgap alternative that was TKIP. Put simply, WPA-TKIP was merely an interim choice while they worked out a better solution in the three years between the release of WPA-TKIP and WPA2-AES.

AES, you see, is a real encryption algorithm, and not the type used solely for Wi-Fi networks. It’s a serious worldwide standard that has been used by government, the once-popular TrueCrypt, and many others to protect data from prying eyes. The same standard being used to protect your home network is a real bonus, but one that required an update in router hardware.

AES Versus TKIP for Security

TKIP is essentially a patch for WEP that resolved the problem of attackers uncovering your key after observing a relatively small amount of router traffic. TKIP addressed this by issuing a new key every few minutes, which – in theory – wouldn’t give a hacker enough data to break the key or the RC4 stream cipher that the algorithm relies on.

While TKIP offered a significant security upgrade at the time, it has since become a deprecated technology that is no longer considered secure enough to protect your network from hackers. Its biggest – but not its only – vulnerability is known as the chop-chop attack, which is an attack that actually predates the release of the encryption method itself.

The chop-chop attack allows hackers who know how to intercept and analyze the streamed data the network generates to decipher the key and thus display the data in plaintext as opposed to ciphertext. If your head is spinning a bit, check out my primer on encryption, “How Does Encryption Work, and Is It Really Safe?”, for a better understanding.

AES is a totally separate encryption algorithm, and one that’s far superior to anything offered by TKIP. The algorithm is a 128-bit, 192-bit or 256-bit block cipher that doesn’t feature any of the same vulnerabilities that TKIP had.

To explain the algorithm in simple terms, it takes plaintext, and converts it to ciphertext. Ciphertext looks like a random string of characters to an observer that doesn’t have the encryption key. The device or person on the other end of the transmission has a key, which unlocks – or decrypts – the data for easier viewing. In this case, the router has the first key, and encrypts the data before broadcasting. The computer has the second key which decrypts the transmission for viewing on your screen.

The encryption level (128, 192, or 256-bit) determines the amount of “scrambling” done to the data and thus the potential number of combinations possible should you attempt to break it.

Even the smallest level of AES encryption, 128-bit, is theoretically unbreakable as current computing power would take over 100 billion billion years in order to find the correct solution to the encryption algorithm.

AES vs TKIP for Speed


TKIP is a deprecated encryption method, and apart from security concerns, it’s known to slow down systems that still run it.

Most newer routers (anything 802.11n or newer) default to WPA2-AES encryption, but if you have an older device, or for some reason selected WPA-TKIP encryption, chances are, you’re losing a significant amount of speed.

Any 802.11n router or newer (although you should really buy an AC router) slows down to 54Mbps if you enable WPA or TKIP in the security options. This is to ensure that the security protocol works properly with older devices.

802.11ac with WPA2-AES encryption offers theoretical maximum speeds of 3.46Gbps under optimum (read: never going to happen) conditions. Theoretical maximums aside, WPA2 and AES are much faster alternatives to TKIP.
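To check which nearby networks (your own included) still advertise TKIP, WEP or WPS, here is an added example that is not part of the original article. It assumes scan data in the tab-separated layout printed by `wpa_cli scan_results`; the sample networks are constructed, and the function names `classify` and `audit` are this example's own.

```python
import re

# Constructed sample in the tab-separated layout printed by `wpa_cli scan_results`
# (bssid, frequency, signal level, flags, ssid). These are not real networks.
SAMPLE_SCAN = (
    "bssid / frequency / signal level / flags / ssid\n"
    "02:00:00:00:00:01\t2437\t-48\t[WPA2-PSK-CCMP][ESS]\thome-aes\n"
    "02:00:00:00:00:02\t2412\t-60\t[WPA-PSK-TKIP][WPA2-PSK-CCMP+TKIP][WPS][ESS]\thome-mixed\n"
    "02:00:00:00:00:03\t2462\t-71\t[WPA-PSK-TKIP][ESS]\told-router\n"
    "02:00:00:00:00:04\t5180\t-55\t[WEP][ESS]\tlegacy\n"
    "02:00:00:00:00:05\t5200\t-66\t[ESS]\tcafe-open\n"
)


def classify(flags):
    """Return (verdict, notes) for one flags field such as '[WPA2-PSK-CCMP][ESS]'."""
    tokens = re.findall(r"\[([^\]]+)\]", flags)
    suites = [t for t in tokens if t.startswith(("WPA-", "WPA2-", "RSN-"))]
    notes = ["WPS enabled"] if "WPS" in tokens else []
    if "WEP" in tokens:
        return "WEP", notes
    if not suites:
        return "OPEN", notes
    tkip = any("TKIP" in s for s in suites)
    aes = any("CCMP" in s or "GCMP" in s for s in suites)  # both are AES modes
    wpa1 = any(s.startswith("WPA-") for s in suites)       # original WPA, not WPA2
    if tkip and not aes:
        return "TKIP-ONLY", notes
    if tkip or wpa1:
        return "MIXED", notes  # AES is offered, but legacy WPA/TKIP is still accepted
    return "AES-ONLY", notes


def audit(scan_text):
    """Classify every network row; header and status lines have no tabs and are skipped."""
    results = []
    for line in scan_text.splitlines():
        fields = line.split("\t", 4)
        if len(fields) < 5:
            continue
        verdict, notes = classify(fields[3])
        results.append((fields[4], verdict, notes))
    return results


if __name__ == "__main__":
    for ssid, verdict, notes in audit(SAMPLE_SCAN):
        print(f"{ssid:12} {verdict:10} {', '.join(notes)}")
```

Anything other than `AES-ONLY` on your own SSID means the router is still accepting the legacy modes discussed above; switching it to WPA2 with AES only should clear the finding.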

The Bottom Line

AES and TKIP aren’t even worth the comparison. AES is, hands-down, the better technology in every sense of the word. Faster router speeds, insanely secure browsing and an algorithm that even major world governments rely on make it a must-use in terms of offered options on new or existing Wi-Fi networks.

With all that AES offers, is there any good reason not to use it on your home network? Why are you/aren’t you using it? 

Image Credit: Vector Wireless Network Router Icon via Shutterstock

  1. Kartik
    May 20, 2016 at 11:48 am

    With AES my wifi disconnects automatically many times a day. After switching to TKIP, my problem got fixed.

  2. Mihai
    April 11, 2016 at 12:17 pm

    A gaming station shouldn't use wireless. lol :D

  3. megadude
    February 19, 2016 at 8:22 pm

    WOW!

  4. emrecnl
    July 17, 2015 at 4:19 am

    I get better ping in online multiplayer games when my router is set to TKIP instead of AES. With AES it's just unplayable. 150+ ping? lol
