topic Re: aes+strength in Access Points - Indoor and Outdoor

aes+strength

joe_hickson — Tue, 25 Aug 2015 17:23:29 GMT

Do we know the strength of WPA2 Enterprise with AES? Everything I have read is not specific about how many bits of encryption this method is. WEP64 and WEP128 do say. Something similar to this: https://stixit.files.wordpress.com/2012/10/11.png

Re: aes+strength

john_d — Tue, 25 Aug 2015 18:41:10 GMT

WPA2-AES (without mixed, without TKIP, as you've shown in your screenshot) is still quite secure. WPA is nothing like WEP (which might as well just be open with today's technology). There's been some attacks against WPA, but WPA2 is basically only vulnerable to brute force attacking of the passphrase, which is more of a problem with preshared key and probably lesser of an issue with Enterprise as you shown.

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

It's really not the bits of encryption that screwed over WEP and WPA1, it's fundamental design flaws in the cryptographic scheme. They seem largely resolved with WPA2.

Re: aes+strength

joe_hickson — Tue, 25 Aug 2015 18:50:14 GMT

Thanks John, I was more or less looking to see if it is AES256 or 128 or to confirm that there is no bit strength associated with it and no matter how you cut it AES is just AES.

Re: aes+strength

john_d — Tue, 25 Aug 2015 18:56:08 GMT

It's complicated (tm). WPA2 is based off AES128, but the key derivation is per-session and sourced from other information together with nonces. It's hard to find a good diagram, but this student actually did a great job at explaining the key derivation:

http://cs.gmu.edu/~yhwang1/INFS612/Sample_Projects/Fall_06_GPN_6_Final_Report.pdf

I would not be concerned about the key length being a security issue personally, but of course I'm not sure what kind of attack vectors you were concerned about preventing. It's far more likely that weak user credentials are going to pose more of a problem than brute forcing the encryption scheme.

Re: aes+strength

joe_hickson — Tue, 25 Aug 2015 20:37:49 GMT

That is what I figured I just wanted some confirmation from someone else. Thanks John, take care.

Re: aes+strength

john_d — Tue, 25 Aug 2015 20:39:43 GMT

Sure thing! It's a good question to ask, because even slight deviations from the settings you made (like adding WPA + WPA2 mixed, or adding TKIP) would have negative security ramifications.