aes+strength

  • Question
  • Updated 2 years ago
Do we know the strength of WPA2 Enterprise with AES? Everything I have read is not specific about how many bits of encryption this method is. WEP64 and WEP128 do say. Something similar to this: https://stixit.files.wordpress.com/2012/10/11.png

Joe H

  • 3 Posts
  • 1 Reply Like

Posted 2 years ago


John D, AlphaDog

  • 497 Posts
  • 137 Reply Likes
WPA2-AES (without mixed, without TKIP, as you've shown in your screenshot) is still quite secure. WPA is nothing like WEP (which might as well just be open with today's technology). There have been some attacks against WPA, but WPA2 is basically only vulnerable to brute force attacking of the passphrase, which is more of a problem with preshared key and probably less of an issue with Enterprise, as you've shown.

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access


It's really not the bits of encryption that screwed over WEP and WPA1, it's fundamental design flaws in the cryptographic scheme. They seem largely resolved with WPA2.

Joe H

Thanks John, I was more or less looking to see if it is AES256 or 128 or to confirm that there is no bit strength associated with it and no matter how you cut it AES is just AES.

John D, AlphaDog

It's complicated (tm). WPA2 is based off AES128, but the key derivation is per-session and sourced from other information together with nonces. It's hard to find a good diagram, but this student actually did a great job at explaining the key derivation:

http://cs.gmu.edu/~yhwang1/INFS612/Sample_Projects/Fall_06_GPN_6_Final_Report.pdf


I would not be concerned about the key length being a security issue personally, but of course I'm not sure what kind of attack vectors you were concerned about preventing. It's far more likely that weak user credentials are going to pose more of a problem than brute forcing the encryption scheme.

Joe H

That is what I figured; I just wanted some confirmation from someone else. Thanks John, take care.

John D, AlphaDog

Sure thing! It's a good question to ask, because even slight deviations from the settings you made (like adding WPA + WPA2 mixed, or adding TKIP) would have negative security ramifications.