As we all know, router security is the cornerstone of network security. If there is a security problem with the router, it means that our network will also have security problems. So we will make some security settings for the router, but if the security settings are not properly, it may slow down the entire network.

We usually use WPA2-AES and WPA2-TKIP to encrypt the router. Today we will talk about the difference between the two and why AES will become a big winner.

Introduction to WPA

WPA (or Wi-Fi Access Protection) - is generated by a vulnerability in the WEP (Wired Equivalent Privacy) protocol. However, this is not a perfect solution, just a temporary option, users can use existing routers to solve security problems in the WEP protocol.

Although WPA is better than WEP, it still has some security problems. The attack usually does not leak the TKIP (Temporal Key Integrity Protocol) algorithm (up to 256-bit encryption), but it will pass the auxiliary system WPS protocol, or Wi-Fi protection settings to destroy.

The Wi-Fi protection settings are designed to facilitate device connectivity, but there are many security flaws that make people gradually abandon it and adopt WPA.

But at the moment, both WPA and WEP are retiring, so let's talk about the new version of WPA2 that replaces WPA.

Why is WPA2 better?

AES encryption (advanced encryption standard) makes Wi-Fi networks faster and more secure. Simply put, WPA-TKIP is just a temporary choice, and now a better WPA2-AES they have worked on over the past three years has solved many problems.

AES, a true encryption algorithm, is not just for Wi-Fi networks. It has become an encryption standard, whether it is the government, the popular TrueCrypt, or many other software that protects data. Again, this standard is also used to protect your home network, but you also need to update your router hardware.

AES VS TKIP security comparison

TKIP is essentially a WEP patch that solves the problem of an attacker parsing a router key by obtaining a small amount of router traffic. To solve this problem, TKIP gives a new key every few minutes. The attacker is not provided with enough data to decipher the RC4 stream encryption on which the key or algorithm depends.

Although TKIP also provided a relatively complete security upgrade at the time, it was not comprehensive enough to protect your network from hackers. One of the biggest vulnerabilities is called "chop-chop attack", which is an attack that occurs before the encryption itself is released.

Hackers can use the chop-chop attack to intercept and analyze the data generated in the network, and finally decipher the key and display the data in plain text.

AES is a completely independent encryption algorithm that is far superior to any algorithm provided by TKIP. The algorithm has 128-bit, 192-bit or 256-bit block ciphers.

Simply put, we need to convert the plaintext to ciphertext. If the observer does not have an encryption key, the received ciphertext looks like a random string. As long as the device or person at the other end of the transmission has a key, the decrypted data is easy to view. The router has the first key and encrypts the data before sending it. The computer has a second key to decrypt the transmitted content.

The level of encryption (128, 192 or 256 bits) determines the amount of "chaotic data", in which case a large number of combinations can be made that an attacker cannot crack. Even the minimum level of 128-bit AES encryption is theoretically unbreakable, because the current computing power needs more than 100 billion years to crack this encryption algorithm!

Speed PK between AES vs TKIP

TKIP is an outdated encryption method and it slows down the system in addition to security issues. Most newer routers (any 802.11n version or update) now default to WPA2-AES encryption. If you have an old router or choose WPA-TKIP encryption for some reason, the computer will run much less quickly. slow.

If you enable WPA TKIP on any 802.11n router or newer security option, the speed will slow down to 54Mbps. Because this security protocol is to ensure that it works properly on the old router. The maximum speed of 802.11ac under WPA2-AES encryption is 3.46 Gbps. So in theory, AES is much faster than TKIP!

to sum up

AES and TKIP are not even worth comparing. AES's routing is faster, the algorithm is more secure, and even the government chooses to use it, so AES is the best choice for us.