01-14-2009 09:01 AM - edited 07-03-2021 04:59 PM
On the 4402 model wireless LAN controller, under WLANs -> Security -> Layer2, it is possible to select WPA Policy and WPA Encryption "AES".
Does anyone know if this combination is vulnerable to the recent TKIP exploit?
I have WPA Encryption "TKIP" explicitly unchecked, but I thought I read somewhere that TKIP might still be used for backward compatibility. Or that WPA1 with AES might not have been implemented according to the final WPA2 definition.
01-15-2009 06:34 PM
WPA with AES is still very strong, and not subject to the vulnerabilities of TKIP.
Good Luck
Scott
01-16-2009 04:00 AM
Hi Scott,
Thanks for your reply.
I just re-read this from the original Cisco Security Response where it says:
"TKIP is the mandatory cipher suite for the first version of the Wi-Fi Protected Access (WPA) specification and it is an option for the Wi-Fi Protected Access version 2 (WPA2) standard.".
Even though we are using WPA(1) where the specification says it is mandatory to include TKIP in the "cipher suite", we are implementing AES and have explicitly disabled TKIP.
I interpret this to mean that we are not vulnerable.
Regards,
Cameron.
01-16-2009 06:36 PM
WPA/TKIP PSK has been compromised as you know, but setting WPA/AES PSK has not been CRACKED....
The only thing is that some devices do not let you set up WPA/AES. I have seen devices that allow you to only either set WPA or the AES. When WPA is the only option, then TKIP is automatically set. When TKIP/AES is the only option and you choose AES, then WPA2 is default.
01-18-2009 02:34 AM
Even though TKIP is vulnerable, the attacks are dictionary-based. If you use a 63-character random string it is still highly unlikely that your TKIP network will be cracked. It's more likely that someone will steal the key via physical means...
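One way to confirm what an SSID actually advertises, independent of the controller GUI, is to parse the WPA (vendor-specific, OUI 00:50:F2 type 1) and RSN information elements from a captured beacon and list the group and pairwise ciphers. This is an added example, not part of the original thread and not Cisco code; the function names are illustrative and the sample beacon bytes are constructed.

```python
import struct

# Cipher suite type -> name (same numbering under WPA OUI 00:50:F2 and RSN OUI 00:0F:AC)
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}
WPA_OUI, RSN_OUI = b"\x00\x50\xf2", b"\x00\x0f\xac"

# Constructed sample tagged parameters: SSID "test" followed by one WPA element.
SSID = bytes.fromhex("00 04 74 65 73 74")
# WPA v1, group CCMP, pairwise [CCMP], AKM PSK
AES_ONLY = SSID + bytes.fromhex(
    "dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 02")
# WPA v1, group TKIP, pairwise [CCMP, TKIP], AKM PSK
MIXED = SSID + bytes.fromhex(
    "dd 1a 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 02")

def _suites(body, oui):
    """Parse version, group cipher and pairwise cipher list from a WPA/RSN body."""
    if len(body) < 8:  # this sketch requires the group and pairwise fields
        raise ValueError("element too short")
    version, = struct.unpack_from("<H", body, 0)
    count, = struct.unpack_from("<H", body, 6)
    if len(body) < 8 + 4 * count:
        raise ValueError("truncated pairwise cipher list")
    name = lambda s: (CIPHERS.get(s[3], f"unknown({s[3]})")
                      if s[:3] == oui else f"vendor {s.hex()}")
    pairwise = [name(body[8 + 4 * i: 12 + 4 * i]) for i in range(count)]
    return {"version": version, "group": name(body[2:6]), "pairwise": pairwise}

def parse_security_elements(tagged):
    """Walk 802.11 information elements; return the parsed WPA and RSN elements."""
    found, pos = {}, 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        data = tagged[pos + 2: pos + 2 + length]
        if len(data) < length:
            raise ValueError("truncated element")
        if eid == 221 and data[:4] == WPA_OUI + b"\x01":   # vendor-specific WPA IE
            found["WPA"] = _suites(data[4:], WPA_OUI)
        elif eid == 48:                                    # RSN (WPA2) IE
            found["RSN"] = _suites(data, RSN_OUI)
        pos += 2 + length
    return found

def advertises_tkip(tagged):
    """True if any WPA/RSN element lists TKIP as group or pairwise cipher."""
    return any(e["group"] == "TKIP" or "TKIP" in e["pairwise"]
               for e in parse_security_elements(tagged).values())
```

Feed it the tagged-parameter bytes of a beacon or probe response captured from the SSID in question; a WPA element with CCMP as both group and pairwise cipher means TKIP is not being offered.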