gerlich
10-29-2002, 10:30 AM
I am preparing a presentation about encryption methods, and I would like to know what are the known problems with TKIP, and why AES is so much better.
Thanks!
Thanks!
Click to See Complete Forum and Search --> : TKIP weaknesses
ECGriffith
10-29-2002, 04:37 PM
We just posted a story on the problems with current WLAN security beyond WEP that's called, aptly, Beyond WEP. You'll find it at http://www.80211-planet.com/tutorials/article.php/1490451.
JoeTampa
10-29-2002, 08:34 PM
This article has a few inaccuracies. It tends to confuse encryptions PROTCOLS and encryption ALGORTIHMS. One cannot compare WEP to AES; WEP is a protocol, AES is an algorithm. It's like comparing the engine of a car to the chassis.
What is commonly known as WEP, the "broken protocol" in current 802.11 access points, is really a combination of the WEP protcol and the RC4 encryption algorithm. Each has it's problems. WEP suffers from serious design flaws that prevent it from being secure no matter what the algorithm in use or the key length therein. Using AES as a protocol with WEP would be no more secure than WEP and RC4.
RC4 in itself has issues; one in every 256 keys is known to be weak. It is not considered to be secure enough for anything but short session transactions (like HTTPS, for example, where it is also used).
TKIP is a brand new protocol. As such, it has not had any degree of cryptanalytic scrutiny to determine it's strength or weakness. Further, what we do know of it is that it will require a new key every 10,000 packets, an approach which does not scale well. Industry commentators who speak of the protential speed degradations of TKIP are right.
The "formal" 802.11i proposal, as currently stands, does not even meet the standards for encryption in the US Federal Government and if left as-is, will not be allowed to be used there. It breaks simple rules regarding the secure generation of keys.
Further, it is expected that current APs will *NOT* be upgradeable to the final 802.11i spec.
What is commonly known as WEP, the "broken protocol" in current 802.11 access points, is really a combination of the WEP protcol and the RC4 encryption algorithm. Each has it's problems. WEP suffers from serious design flaws that prevent it from being secure no matter what the algorithm in use or the key length therein. Using AES as a protocol with WEP would be no more secure than WEP and RC4.
RC4 in itself has issues; one in every 256 keys is known to be weak. It is not considered to be secure enough for anything but short session transactions (like HTTPS, for example, where it is also used).
TKIP is a brand new protocol. As such, it has not had any degree of cryptanalytic scrutiny to determine it's strength or weakness. Further, what we do know of it is that it will require a new key every 10,000 packets, an approach which does not scale well. Industry commentators who speak of the protential speed degradations of TKIP are right.
The "formal" 802.11i proposal, as currently stands, does not even meet the standards for encryption in the US Federal Government and if left as-is, will not be allowed to be used there. It breaks simple rules regarding the secure generation of keys.
Further, it is expected that current APs will *NOT* be upgradeable to the final 802.11i spec.
JoeTampa
10-29-2002, 08:35 PM
I also forgot to mention that this article does not delve into vendor offerings such as the AirFortress, or others such as Reefedge, Netmotion, et al.
gerlich
10-30-2002, 04:24 AM
to JoeTampa and ECGriffith-
Thanks for your help!! :)
Thanks for your help!! :)
wi-fiplanet.com
Copyright 2007 Jupitermedia Corporation All Rights Reserved.
Copyright 2007 Jupitermedia Corporation All Rights Reserved.