Solved: Advantages/Disadvantages of using Ascii keys instead of Hexadecimal

Sundeep Dsouza · ‎01-10-2011

Hello,

The organization where I work are using Hexadecimal wpa keys instead of Ascii. Its a 64 bit hexadecimal which is virtually impossible to memorize. Wouldnt it be better to use ASCII instead? Are there any security implications for using ASCII? Which one is better hexa or ascii?

Regards

Surendra BG · ‎01-10-2011

Hi Sundeep,

there is a catch.. in 1200 series IOS that is.. 12.3(8)J series.. you can enable AES by issed the encryption comamnd mapping it ot AES if the RADIO is capable.. please issue the below comand and see if we are able to see AES as the encryption.. that is

en

conf t

int dot11 0

encryption mode ciphers ?

AES

TKIP

ETC..

if you are able see AES here, then configuring WPA on the SSID and AES here will provide the WPA 2 feature!! If we are not able to find the AES here, then that means we dont have the capability to do it.. please check this out and lemme know..

lemme know if this answered your question and mark it as answered if so.

Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

Regards
Surendra BG

View solution in original post

Surendra BG · ‎01-10-2011

Hi,

I have not heard till now about WPA 2 getting cracked or hacked.. and as you alredy know that IEEE is ruling out WPA TKIP.. So move to WPA 2 AES and with this using ASCII.. i am pretty sure that there is no security concerns also.. I prefer ASCII better coz of simplicity..

lemme know if this answered your question..

Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

Regards
Surendra BG

Sundeep Dsouza · ‎01-10-2011

Hi Surendra,

The thing is, we have couple of 1200 series AP and the only option I see is WPA which i assume is TKIP. We have another 1250 AP which shows WPA version 1 and WPA V2 options I guess the V2 would be AES and V1 TKIP.

Current IOS software is c1200-k9w7-tar.123-7.JA2. Will upgrading the IOS provide me the option to configure AES?

Regards

Surendra BG · ‎01-10-2011

Hi Sundeep,

there is a catch.. in 1200 series IOS that is.. 12.3(8)J series.. you can enable AES by issed the encryption comamnd mapping it ot AES if the RADIO is capable.. please issue the below comand and see if we are able to see AES as the encryption.. that is

en

conf t

int dot11 0

encryption mode ciphers ?

AES

TKIP

ETC..

if you are able see AES here, then configuring WPA on the SSID and AES here will provide the WPA 2 feature!! If we are not able to find the AES here, then that means we dont have the capability to do it.. please check this out and lemme know..

lemme know if this answered your question and mark it as answered if so.

Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

Regards
Surendra BG

Sundeep Dsouza · ‎01-10-2011

Thanks Surendra,

AES option is available under CLI. Surprisingly, it would not display in GUI. Anyways I shall move to AES with ASCII .

Regards

Surendra BG · ‎01-10-2011

Thats Great to hear!!

Lemme know if you need any more help.. we will help you out..

lemme know if this answered your question..

Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

Regards
Surendra BG