Poor router security puts your network at risk. While we know that running a tight ship starts with router security, what you may not know is some security settings may slow down your entire network.
The primary choices for router-based encryption are WPA2-AES and WPA2-TKIP. Today we’re going to talk a bit about each and show you why AES is the clear winner.
WPA – or Wi-Fi Protected Access – was the Wi-Fi Alliance’s response to the security vulnerabilities that riddled the WEP (Wired Equivalent Privacy) protocol. It’s important to note that WPA was never intended to be a full solution, but rather an interim choice that allowed users to keep their existing routers while moving away from the relatively terrible WEP protocol and its notable security flaws.
While better than WEP, WPA had security concerns of its own. The attacks generally weren’t a breach of the TKIP (Temporal Key Integrity Protocol) algorithm itself – which featured 256-bit encryption – but of a supplementary system that shipped with the protocol called WPS, or Wi-Fi Protected Setup.
Wi-Fi Protected Setup was designed to make connecting devices easy, but it was released with enough security flaws that it fell out of favor and began to fade into oblivion, taking WPA with it.
Currently, both WPA and WEP are retired, so we’re going to gloss right over those and instead talk about the newer version of the protocol, WPA2.
Why WPA2 Is Better
In 2006, WPA became a deprecated protocol and WPA2 replaced it.
The notable drop of TKIP encryption in favor of the newer and more secure AES (Advanced Encryption Standard) led to a faster and more secure Wi-Fi network, by moving to a real encryption algorithm rather than the stopgap alternative that was TKIP. Put simply, WPA-TKIP was merely an interim choice while a better solution was worked out in the three years between the release of WPA-TKIP and WPA2-AES.
AES, you see, is a real encryption algorithm, and not the type used solely for Wi-Fi networks. It’s a serious worldwide standard that has been used by government, the once-popular TrueCrypt, and many others to protect data from prying eyes. The same standard being used to protect your home network is a real bonus, but one that required an update in router hardware.
AES Versus TKIP for Security
TKIP is essentially a patch for WEP that resolved the problem of attackers uncovering your key after observing a relatively small amount of router traffic. TKIP addressed this by issuing a new key every few minutes, which – in theory – wouldn’t give a hacker enough data to break the key or the RC4 stream cipher that the algorithm relies on.
While TKIP offered a significant security upgrade at the time, it has since become a deprecated technology that is no longer considered secure enough to protect your network from hackers. Its biggest – but not its only – vulnerability is known as the chop-chop attack, which is an attack that actually predates the release of the encryption method itself.
The chop-chop attack allows hackers who know how to intercept and analyze the streamed data the network generates to decipher the key and thus display the data in plaintext as opposed to ciphertext. If your head is spinning a bit, check out my primer on encryption for a better understanding.
AES is a totally separate encryption algorithm, and one that’s far superior to anything offered by TKIP. The algorithm is a 128-bit, 192-bit or 256-bit block cipher that doesn’t feature any of the same vulnerabilities that TKIP had.
To explain the algorithm in simple terms, it takes plaintext and converts it to ciphertext. Ciphertext looks like a random string of characters to an observer who doesn’t have the encryption key. The device or person on the other end of the transmission has a key, which unlocks – or decrypts – the data for viewing. In this case, the router has the first key and encrypts the data before broadcasting. The computer has the second key, which decrypts the transmission for viewing on your screen.
The encryption level (128, 192, or 256-bit) determines the amount of “scrambling” done to the data and thus the potential number of combinations possible should you attempt to break it.
Even the smallest level of AES encryption, 128-bit, is theoretically unbreakable, as with current computing power it would take over 100 billion billion years to find the correct solution to the encryption algorithm.
AES vs TKIP for Speed
TKIP is a deprecated encryption method, and apart from security concerns, it’s known to slow down systems that still run it.
Most newer routers (anything 802.11n or newer) default to WPA2-AES encryption, but if you have an older device, or for some reason selected WPA-TKIP encryption, chances are you’re losing a significant amount of speed.
Any 802.11n router or newer (although you should really buy an AC router) slows down to 54Mbps if you enable WPA or TKIP in the security options. This is to ensure that the security protocol works properly with older devices.
802.11ac with WPA2-AES encryption offers theoretical maximum speeds of 3.46Gbps under optimum (read: never going to happen) conditions. Theoretical maximums aside, WPA2 and AES are much faster alternatives to TKIP.
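A quick way to check whether the networks around you (or your own) still offer TKIP, and so are exposed to both the security problems above and the 54Mbps legacy-rate cap, is to look at the cipher flags in a Wi-Fi scan. The following is an added example, not code from the original article: it assumes the terse output format of `nmcli -t -f SSID,WPA-FLAGS,RSN-FLAGS dev wifi` (SSID, WPA IE flags, WPA2/RSN IE flags, colon-separated) and uses constructed sample scan lines in that format.

```python
from dataclasses import dataclass

# Constructed sample in the assumed nmcli terse format SSID:WPA-FLAGS:RSN-FLAGS.
SAMPLE_SCAN = """\
HomeNet-5G:(none):pair_ccmp group_ccmp psk
HomeNet-Mixed:pair_tkip group_tkip psk:pair_ccmp pair_tkip group_tkip psk
CoffeeShop:pair_tkip group_tkip psk:(none)
OldGarage:(none):(none)
Corp-Guest:(none):pair_ccmp group_ccmp 802.1X
"""

@dataclass
class Verdict:
    ssid: str
    ciphers: frozenset   # ciphers advertised in either IE: ccmp, tkip, wep40, wep104
    rating: str          # "ok", "mixed", "deprecated" or "open-or-wep"
    note: str

def _ciphers(flags: str) -> set:
    """Collect cipher names from the pair_*/group_* tokens of one flag field."""
    return {tok.split("_", 1)[1] for tok in flags.split()
            if tok.startswith(("pair_", "group_"))}

def classify(line: str) -> Verdict:
    # Assumes SSIDs contain no ':' (nmcli escapes them as '\:' otherwise).
    ssid, wpa_flags, rsn_flags = line.split(":", 2)
    ciphers = frozenset(_ciphers(wpa_flags) | _ciphers(rsn_flags))
    if not ciphers:
        return Verdict(ssid, ciphers, "open-or-wep",
                       "no WPA/WPA2 ciphers advertised: open network or WEP")
    if ciphers & {"wep40", "wep104"}:
        return Verdict(ssid, ciphers, "deprecated", "WEP cipher offered under WPA")
    if "tkip" in ciphers and "ccmp" in ciphers:
        return Verdict(ssid, ciphers, "mixed",
                       "WPA2 mixed mode: TKIP still offered; clients that "
                       "negotiate it are capped at 802.11g (54 Mbps) rates")
    if "tkip" in ciphers:
        return Verdict(ssid, ciphers, "deprecated", "TKIP only: no AES/CCMP offered")
    if rsn_flags.strip() == "(none)":
        return Verdict(ssid, ciphers, "deprecated", "WPA (v1) only: no RSN/WPA2 element")
    return Verdict(ssid, ciphers, "ok", "WPA2 with AES/CCMP only")

def audit(scan_text: str) -> list:
    """Classify every non-empty line of a terse nmcli scan."""
    return [classify(l) for l in scan_text.splitlines() if l.strip()]

def needs_attention(scan_text: str) -> list:
    """SSIDs to reconfigure (or avoid): anything not rated 'ok'."""
    return [v.ssid for v in audit(scan_text) if v.rating != "ok"]
```

On your own router, the fix for a "mixed" or "deprecated" verdict is to select WPA2 with AES (often labelled CCMP) only, rather than "WPA/WPA2 mixed" or "TKIP+AES".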
The Bottom Line
AES and TKIP aren’t even worth the comparison. AES is, hands-down, the better technology in every sense of the word. Faster router speeds, insanely secure browsing and an algorithm that even major world governments rely on make it a must-use in terms of offered options on new or existing Wi-Fi networks.
With all that AES offers, is there any good reason not to use it on your home network? Why are you/aren’t you using it?