cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
826
Views
0
Helpful
4
Replies

WPA with AES, is it vulnerable?

c-pollock
Level 1
Level 1

On the 4402 model wireless LAN controller, under the WLANs -> Security -> Layer2, it is possible to select WPA Policy and WPA Encrytion "AES".

Does anyone know if this combination is vulnerable to the recent TKIP exploit?

I have WPA Encryption "TKIP" explicitly unchecked, but I thought I read somewhere that TKIP might still be used for backward compatibility. Or that WPA1 with AES might not have been implemented in according to the final WPA2 definition.

4 Replies 4

scottmac
Level 10
Level 10

WPA with AES is still very strong, and not subject to the vulnerabilities of TKIP.

Good Luck

Scott

Hi Scott,

Thanks for your reply.

I just re-read this from the original Cisco Security Response where it says:

"TKIP is the mandatory cipher suite for the first version of the Wi-Fi Protected Access (WPA) specification and it is an option for the Wi-Fi Protected Access version 2 (WPA2) standard.".

Even though we are using WPA(1) where the specification says it is mandatory to include TKIP in the "cipher suite", we are implementing AES and have explicitly disabled TKIP.

I interpret this to mean that we are not vulnerable.

Regards,

Cameron.

WPA/Tkip PSK has been compromised as you know, but setting WPA/AES PSK has not been CRACKED....

The only thing is that some devices do not let you setup wpa/aes. I have seen devices that allow you to only either set wpa or the aes. When wpa is the only option, then tkip is automatically set. When TKIP/AES is the only option and you choose AES, then WPA2 is default.

-Scott
*** Please rate helpful posts ***

Even though TKIP is vulnerable, the atttacks are dictionary-based. If you use a 63-character random string it is still highly unlikely that your TKIP network will be cracked. It's more likely that someone will steal the key via physical means...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: