CommScope RUCKUS Community Forums

joe_hickson · ‎08-25-2015

Do we know the strength of WPA2 Enterprise with AES? Everything I have read is not specific about how many bits of encryption this method is. WEP64 and WEP128 do say. Something similar to this: https://stixit.files.wordpress.com/2012/10/11.png

john_d · ‎08-25-2015

WPA2-AES (without mixed, without TKIP, as you've shown in your screenshot) is still quite secure. WPA is nothing like WEP (which might as well just be open with today's technology). There's been some attacks against WPA, but WPA2 is basically only vulnerable to brute force attacking of the passphrase, which is more of a problem with preshared key and probably lesser of an issue with Enterprise as you shown.

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

It's really not the bits of encryption that screwed over WEP and WPA1, it's fundamental design flaws in the cryptographic scheme. They seem largely resolved with WPA2.

joe_hickson · ‎08-25-2015

Thanks John, I was more or less looking to see if it is AES256 or 128 or to confirm that there is no bit strength associated with it and no matter how you cut it AES is just AES.

john_d · ‎08-25-2015

It's complicated (tm). WPA2 is based off AES128, but the key derivation is per-session and sourced from other information together with nonces. It's hard to find a good diagram, but this student actually did a great job at explaining the key derivation:

http://cs.gmu.edu/~yhwang1/INFS612/Sample_Projects/Fall_06_GPN_6_Final_Report.pdf

I would not be concerned about the key length being a security issue personally, but of course I'm not sure what kind of attack vectors you were concerned about preventing. It's far more likely that weak user credentials are going to pose more of a problem than brute forcing the encryption scheme.

joe_hickson · ‎08-25-2015

That is what I figured I just wanted some confirmation from someone else. Thanks John, take care.

CommScope RUCKUS Community Forums

aes+strength