Should You Use AES or TKIP for a Faster Wi-Fi Network?

Poor router security puts your network at risk. While we know that running a tight ship starts with router security, what you may not know is some security settings may slow down your entire network.

The primary choices for router-based encryption are WPA2-AES and WPA2-TKIP. Let's look at which security protocol is more secure, and which option allows a faster connection.

What Is WPA Wi-Fi Security?

WPA---or Wi-Fi Protected Access---was the Wi-Fi Alliance's response to the security vulnerabilities that riddled the WEP (Wired Equivalent Privacy) protocol. It's important to note that this was never intended to be a full-on solution, but rather an interim choice that allowed users to use their existing routers while upgrading from the terrible WEP protocol and its notable security flaws.

While better than WEP, WPA had some security concerns of its own. The attacks generally weren't a breach of the TKIP (Temporal Key Integrity Protocol) algorithm itself, which features 256-bit encryption. Instead, breaches came through a supplementary system bundled with the protocol called WPS, or Wi-Fi Protected Setup.

Wi-Fi Protected Setup was designed for easy device connectivity. But it released with enough security flaws that it fell out of favor and began to fade into oblivion, taking WPA with it.

Currently, both WPA and WEP are retired. So, we're going instead to talk about the newer version of the protocol, WPA2, and the successor to that, WPA3.

Why Is WPA2 Better Than WPA?

In 2006, WPA became a deprecated protocol, and WPA2 replaced it.

The notable drop of TKIP encryption in favor of the newer and more secure AES encryption (Advanced Encryption Standard) led to faster and more secure Wi-Fi networks. AES encryption is much stronger in comparison to the stopgap alternative that was TKIP.

Put simply, WPA-TKIP was merely an interim choice while they worked out a better solution in the three years between the release of WPA-TKIP and WPA2-AES.

AES, you see, is a real encryption algorithm, and not the type used solely for Wi-Fi networks. It's a serious worldwide standard that has been used by government and many others to protect data from prying eyes. That the same standard is used to protect your home network is a real bonus, but one that required an update in router hardware.

Is WPA3 Better Than WPA2?

WPA3 is the long-awaited update to the WPA Wi-Fi security protocol. The upgraded security protocol includes important features for modern Wi-Fi connectivity, including:

Brute Force Protection. WPA3 will protect users, even with weaker passwords, from brute-force dictionary attacks (attacks that attempt to guess passwords over and over again).
Public Network Privacy. WPA3 adds "individualized data encryption," theoretically encrypting your connection to a wireless access point regardless of password.
Securing the Internet of Things. WPA3 arrives at a time when Internet of Things device developers are under enormous pressure to improve baseline security.
Stronger Encryption. WPA3 adds much stronger 192-bit encryption to the standard, drastically improving the level of security.

Support for WPA3 is still in the very early stages. Widespread WPA3 won't occur for a little while. Still, you will find routers on the market advertising support for WPA3 when the security protocol rolls out to consumers properly.

AES vs. TKIP: What Is the Best Wi-Fi Security Mode?

Despite AES being the more secure encryption method for Wi-Fi security, many people still opt for TKIP. That's because of the conception that a Wi-Fi connection is faster when it uses TKIP instead of AES, or that AES has other connectivity issues.

The reality is that WPA2-AES is the stronger and usually faster Wi-Fi connection. Here's why.

Is AES or TKIP More Secure?

TKIP is essentially a patch for WEP that resolved the problem of attackers uncovering your key after observing a relatively small amount of router traffic. To address the problem, TKIP fixed this issue by issuing a new key every few minutes, which, in theory, wouldn't give a hacker enough data to break the key or the RC4 stream cipher that the algorithm relies on.

While TKIP offered a significant security upgrade at the time, it has since become a deprecated technology that is no longer considered secure enough to protect your network from hackers. Its biggest (but not its only) vulnerability is known as the chop-chop attack, which is an attack that predates the release of the encryption method itself.

The chop-chop attack allows hackers who know how to intercept and analyze streamed data the network generates to decipher the key and thus display the data in plaintext as opposed to ciphertext.

If you're unsure about the difference between plaintext and ciphertext, check out these basic encryption terms.

AES: Superior and Separate

AES is a totally separate encryption algorithm. It is far superior to any security offered by TKIP. The algorithm is a 128-bit, 192-bit, or 256-bit block cipher that doesn't feature any of the same vulnerabilities that TKIP had.

To explain the algorithm in simple terms, it takes plaintext, and converts it to ciphertext. Ciphertext looks like a random string of characters to an observer that doesn't have the encryption key.

The device or person on the other end of the transmission has a key, which unlocks (or decrypts) the data for easier viewing. In this case, the router has the first key and encrypts the data before broadcasting. The computer has the second key, which decrypts the transmission for viewing on your screen.

The encryption level (128, 192, or 256-bit) determines the amount of data "scrambling," and thus, the potential number of combinations possible should you attempt to break it.

Even the smallest level of AES encryption, 128-bit, is theoretically unbreakable as current computing power would take over 100 billion billion years to find the correct solution to the encryption algorithm.

Is AES or TKIP Faster?

TKIP is a deprecated encryption method, and apart from security concerns, it's known to slow down systems that still run it.

Most newer routers (anything 802.11n or newer) default to WPA2-AES encryption, but if you have an older device, or for some reason selected WPA-TKIP encryption, chances are, you're losing a significant amount of speed.

Any 802.11n router or newer slows down to 54Mbps if you enable WPA or TKIP in the security options. This is to ensure that the security protocol works properly with older devices.

802.11ac with WPA2-AES encryption offers theoretical maximum speeds of 3.46Gbps under optimum (read: never going to happen) conditions. Theoretical maximums aside, WPA2 and AES are much faster alternatives to TKIP.

AES Is More Secure and Faster Than TKIP

AES and TKIP aren't even worth the comparison---AES is, hands-down, the better technology in every sense of the word. Faster router speeds, insanely secure browsing and an algorithm that even major world governments rely on make it a must-use in terms of offered options on new or existing Wi-Fi networks.

If you want a faster internet connection, check out the top tips on speeding up your router.