Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Sat, 28 Feb 2009 11:39:08 -0800
On Sat, 28 Feb 2009 12:16:10 -0500, "bc20" <bc20z020@xxxxxxxxxxx>
wrote:
I have a AP at home that also does WPA1-PSK-AES. (It doesn't even have
WPA2). It is the DLink DWL-7100AP
http://support.dlink.com/emulators/dwl7100ap/html/CfgWepParam0.html
Y'er right. Amazing. The data *** at:
<http://www.dlink.com/products/resource.asp?pid=304&rid=1012&sec=0>
shows:
WPA - Wi-Fi Protected Access
(WPA - TKIP/AES PSK)
Ugh. I was wrong. WPA-PSK-AES is sorta kinda supported on DD-WRT:
<http://www.dd-wrt.com/wiki/index.php/Wireless_security#Preference_Summary>
You can use WPA + AES for higher security than TKIP, but only if
your devices support it (it is optional). For this reason it is not
very common. You also do not get the improved roaming features of
WPA2.
WPA + TKIP+AES provides a fallback in case AES is not supported by
a device in that it switches to the more common TKIP. The
disadvantage is that it might switch to TKIP unexpectedly but is
more backwards compatible if needed.
I still think it's a bad idea. My (second) guess is that there are
quite a few client radios and drivers that will not support the
WPA-PSK-AES mode.
Weird, totally weird. It kinda looks like some manufacturers had the
room to implement AES encryption, but ran out of horsepower or space
to implement the various WPA2 authentication methods.
Looking at the various home router certifications at:
<http://certifications.wi-fi.org/wbcs_certified_products.php?search=1&lang=en&filter_category_id=1&listmode=1>
most of the common wireless routers are tested and certified for WPA
and WPA2 with an assortment of authentication protocols. However,
there's no detail on which combination of encryption protocols are
included in the test.
<http://www.wi-fi.org/certification_programs.php>
The associated "white paper" on the certification process only hints
that the testing follows 802.11i. So, grabbing 802.11i:
<http://standards.ieee.org/getieee802/download/802.11i-2004.pdf>
I'm blessed with 190 pages of heavy reading which is guaranteed to
turn my brain into mush. A quick search offers no mention of WPA or
WPA2, but the underlying protocols are described in excruciating
detail. Methinks I'll pass for now and leave this exercise for
another time when I'm awake and have more time.
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.
- References:
- Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: bc20
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: Jeff Liebermann
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: bc20
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: Jeff Liebermann
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: bc20
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: Jeff Liebermann
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: bc20
- Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- From: bc20
- Wireless-ethernet bridge with WPA-PSK (AES) ?
- Prev by Date: Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- Previous by thread: Re: Wireless-ethernet bridge with WPA-PSK (AES) ?
- Next by thread: Client won't associate with range expander.
- Index(es):
