Page 1 of 11 123 ... LastLast
Results 1 to 15 of 151
  1. #1
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Richmond, VA, USA
    Posts
    356
    Thanks
    6
    Thanked 1 Time in 1 Post

    Changing from WEP to WPA2 on a D-Link DIR-655

    Hello,

    I have a D-Link DIR-655 router and my current security mode is WEP with MAC filtering. I'm thinking that I need to move this to WPA2 (WPA Personal, as it's called in the manula) and cease the MAC filtering. I have a couple of questions:

    1. At WPA mode, the instructions say Next to WPA Mode, select Auto, WPA2 Only, or WPA Only. Use Auto if you have wireless clients using both WPA and WPA2. Im not sure what this means. I have 4 iPhones, an iPad, and four laptops that connect to the wireless. What should I select here?

    2. If I step back through the setup process and use the same password as I had under WEP, will the wireless devices need to be reconfigured somehow or will the password need to be reentered on each device or will the change be seamless to the user?

    Thanks.

    WSC3

  2. #2
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,072
    Thanks
    0
    Thanked 259 Times in 248 Posts
    1. Might work for a mix of devices to use the Auto.

    2. WPA and WPA2 are stronger and the ones I've changed did need stronger/longer passwords/passphrases. [But they were different brands]. I like my Router because during setup it suggests several possible passwords and all were a mix of letters, Capital letters and number.

  3. #3
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Richmond, VA, USA
    Posts
    356
    Thanks
    6
    Thanked 1 Time in 1 Post
    The password I use now is 8 characters, which is what's required for WPA/WPA2.

    Does the message mean that there are devices that can't transmit in WPA or WPA2? How old would something have to be to not "know" these two security modes?

  4. #4
    jwoods
    Guest
    This article from How-To Geek might help explain the different types of WPA encryption, and using it with older devices...

    http://www.howtogeek.com/204697/wi-f...-tkip-or-both/

  5. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    WEP and MAC filtering are breakable in about 15 minutes. Definitely time to change.

    Always use WPA2 is possible, WPA is older and potentially less secure. Your router should "prefer" WPA2 so set it to Auto and then view the connection types to see what you have.

    When you change encryption you always need to re-connect existing devices - re-enter the passcode.

    Always use the best password you can get away with. GRC have a nice password page that will provide you with one.
    Use a 64 bit random hex passcode as this allows you to use WPS to connect your devices.

    cheers, Paul

  6. #6
    jwoods
    Guest
    Quote Originally Posted by Paul T View Post
    Always use WPA2 is possible, WPA is older and potentially less secure. Your router should "prefer" WPA2 so set it to Auto and then view the connection types to see what you have.
    Depends on "which" WPA2 you are using (from the article in post #4)...


    WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.

    WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On devices with less confusing interfaces, the option marked “WPA2″ or “WPA2-PSK” will probably just use AES, as that’s a common-sense choice.


    I would confirm with D-Link that their router selection for WPA2 is using AES.

  7. #7
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    WPA is an improved encryption standard with TKIP.
    WPA2 is a further improvement with AES.
    There is no such thing as WPA2 using TKIP.
    PSK is a pre shared key which 99% of home routers use.
    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

    cheers, Paul

  8. #8
    jwoods
    Guest
    Quote Originally Posted by Paul T View Post
    There is no such thing as WPA2 using TKIP.
    Your wrong, sorry...

    Google "WPA2 (TKIP+AES)"

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by jwoods View Post
    Your wrong, sorry...

    Google "WPA2 (TKIP+AES)"
    I think you are wrong here. TKIP is for WPA. WPA2 uses AES only. Some routers support a mode where you can have WPA + WPA2, with TKIP for WPA and AES for WPA2.

    Quoting from speedtest.net(http://www.speedguide.net/faq/wpa2-t...cryption-331):

    "When you set your router to use WPA2, you usually have the option to use AES, or TKIP+AES. When your router is set to "WPA2 with TKIP+AES" it means that network devices that can use WPA2 will connect with WPA2, and network devices that can only use WPA will connect with WPA. The passphrase for both WPA and WPA2 will be the same. This option allows users to easily transition from WPA to WPA2. To set your router to use only WPA2, choose WPA2 with AES (do not use TKIP)."

    Quoting from http://compnetworking.about.com/od/w...t-is-wpa2.htm:

    "Specifically, WPA2 does not allow use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes (limitations) in the original WPA implementation."

    If you want an even more authoritative source, I guess eetimes.com should be enough (http://www.eetimes.com/author.asp?se...doc_id=1287503). When addressing WPA2, near the bottom of the article, you can read:

    "WPA2
    The Wi-Fi Alliance name for IEEE 802.11i certification testing is Wi-Fi Protected Access (WPA) 2 or WPA2. WPA2 resembles IEEE 802.11i but differs slightly to allow for interoperability concerns with WPA. WPA is the Wi-Fi Alliance's earlier certification, which was based on a draft of the IEEE 802.11i standard. If migration isn't a concern then WPA2 runs as defined by IEEE 802.11i. For instance, an access point and client card running only CCMP in WPA2 will be running IEEE 802.11i. However, an access point that allows CCMP and TKIP clients will be running a mixture of IEEE 802.11i and WPA. This enables the earlier WPA clients to associate to the new WPA2 access points. To users this is transparent. But developers will need to note the difference when designing to include earlier WPA systems."

    So, as I said earlier, there is no WPA2 + TKIP. Routers support modes where you can connect both through WPA and WPA2, thus supporting TKIP on WPA and AES on WPA2.

    WPA2 should always be used. Older hardware that cannot run WPA2, should probably be dumped and replaced by WPA2 supporting hardware.
    Rui
    -------
    R4

  10. The Following User Says Thank You to ruirib For This Useful Post:

    RetiredGeek (2015-04-20)

  11. #10
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,153
    Thanks
    31
    Thanked 306 Times in 266 Posts


    Good on yer Rui
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  12. #11
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    On the contrary, both WPA2 can use TKIP, AES or both (TKIP+AES). WPA uses TKIP. TKIP has long been hacked--though I seem to recall all it allows is someone to insert up to 35 characters in the header from you and that is about the extent of it. "My Boss is an idiot!!!!" Well could be an issue in the IT dept. except the boss would have to know how to examine the header because he is an idiot. :-) [edit: Interesting it was 28 bytes injection to spoof in TKIP and this has been increased to allowing malicious Javascript and up to 596 bytes. While the attack is still more lab than practical I would remove any part of a network that only had WPA encryption capability.]

    At any rate, it is up to the router maker to offer the encryptions. I would only select AES option. Many makers only offer AES with WPA2. While TKIP may be a WPA2 fallback position (in WPA for WPA devices), the options are offered to the user by some router makers for WPA2. [edit: here is a good reason for AES only...connection speeds cannot exceed 54Mbps per N protocol without AES.]

    I would also have encouraged the OP to update his firmware before doing the change.

    The OP also can continue using MAC filtering. They are completely different and mutually compatible---though MAC filtering is not particularly troubling to a determined hacker.

    I am more stunned that in this day and age people are still running B protocol with WEP "protection." Might as well run with an open connection.

    https://community.newegg.com/eggxper...9/t/99093.aspx
    Last edited by Fascist Nation; 2015-04-20 at 15:13. Reason: TKIP addition and speed comment

  13. The Following User Says Thank You to Fascist Nation For This Useful Post:


  14. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by Fascist Nation View Post
    On the contrary, both WPA2 can use TKIP, AES or both (TKIP+AES). WPA uses TKIP. TKIP has long been hacked--though I seem to recall all it allows is someone to insert up to 35 characters in the header from you and that is about the extent of it. "My Boss is an idiot!!!!" Well could be an issue in the IT dept. except the boss would have to know how to examine the header because he is an idiot. :-)

    At any rate, it is up to the router maker to offer the encryptions. I would only select AES option. Many makers only offer AES with WPA2. While TKIP may be a WPA2 fallback position (in WPA for WPA devices), the options are offered to the user by some router makers for WPA2.

    I would also have encouraged the OP to update his firmware before doing the change.

    The OP also can continue using MAC filtering. They are completely different and mutually compatible---though MAC filtering is not particularly troubling to a determined hacker.

    I am more stunned that in this day and age people are still running B protocol with WEP "protection." Might as well run with an open connection.

    https://community.newegg.com/eggxper...9/t/99093.aspx
    Routers that offer TKIP + AES, support both WPA and WPA2. From a normative point of view (which is what matters), WPA2 supports only AES.
    Rui
    -------
    R4

  15. #13
    jwoods
    Guest
    Quote Originally Posted by ruirib View Post
    So, as I said earlier, there is no WPA2 + TKIP. Routers support modes where you can connect both through WPA and WPA2, thus supporting TKIP on WPA and AES on WPA2.
    So, it appears Comcast, or the author, must have Photoshopped the WPA2-PSK (TKIP) setting in the router screenshot in the article...

    Comcast Xfinity Router.jpg

    Sorry, you're wrong as well.

  16. #14
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Richmond, VA, USA
    Posts
    356
    Thanks
    6
    Thanked 1 Time in 1 Post
    Wow. What a dialogue! Paul: "Use a 64 bit random hex passcode as this allows you to use WPS to connect your devices." What does this mean? I need to enter a 64 bit hex passcode on each wireless device in my house? That's seems a tad long...

  17. #15
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    It's more likely that the router interface designer / coder got it wrong - it won't be the first time.

    cheers, Paul

Page 1 of 11 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •