cancel
Showing results for 
Search instead for 
Did you mean: 

aes+strength

joe_hickson
New Contributor II
Do we know the strength of WPA2 Enterprise with AES?  Everything I have read is not specific about how many bits of encryption this method is. WEP64 and WEP128 do say. Something similar to this: https://stixit.files.wordpress.com/2012/10/11.png
5 REPLIES 5

john_d
Valued Contributor II
WPA2-AES (without mixed, without TKIP, as you've shown in your screenshot) is still quite secure. WPA is nothing like WEP (which might as well just be open with today's technology). There's been some attacks against WPA, but WPA2 is basically only vulnerable to brute force attacking of the passphrase, which is more of a problem with preshared key and probably lesser of an issue with Enterprise as you shown.

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access


It's really not the bits of encryption that screwed over WEP and WPA1, it's fundamental design flaws in the cryptographic scheme. They seem largely resolved with WPA2.

joe_hickson
New Contributor II
Thanks John, I was more or less looking to see if it is AES256 or 128 or to confirm that there is no bit strength associated with it and no matter how you cut it AES is just AES.

john_d
Valued Contributor II
It's complicated (tm). WPA2 is based off AES128, but the key derivation is per-session and sourced from other information together with nonces. It's hard to find a good diagram, but this student actually did a great job at explaining the key derivation:

http://cs.gmu.edu/~yhwang1/INFS612/Sample_Projects/Fall_06_GPN_6_Final_Report.pdf


I would not be concerned about the key length being a security issue personally, but of course I'm not sure what kind of attack vectors you were concerned about preventing. It's far more likely that weak user credentials are going to pose more of a problem than brute forcing the encryption scheme.

joe_hickson
New Contributor II
That is what I figured I just wanted some confirmation from someone else.  Thanks John, take care.