WPA2-PSK security related question: Force TKIP+CCMP or only CCMP?

OSUserx · June 21, 2019, 6:42pm

Hello,

I am not familiar with encryption and network technologies.
Since OpenWRT is really well documented, I got along well so far.
But now I have a (probably pretty stupid) question I couldn't answer myself.

I know that CCMP is the safer encryption protocol and TKIP is not recommended, but in my wireless config I have found the option "Force TKIP and CCMP".

So does this mean my WIFI will offer TKIP e.g. for older devices and CCMP parallel and my wireless security is weakened by this option or does this mean that both protocols are used simultaneous for every connection and security is improved?

Thank you for reading.

Greetings
Florian

jeff · June 22, 2019, 2:31pm

"Force CCMP (AES)" is considered by most to be the only option that has a reasonable level of security.

There are very few devices that don't support it as 802.11n encryption has been around, at least in products supporting "draft mode", since 2002 -- over 15 years now.

lleachii · June 22, 2019, 2:31pm

To add to what @jeff noted, AES was the new encryption outlined for WPA2 specifications. So if a device has WPA2, it's required to (should) have AES capability.

OSUserx · June 22, 2019, 2:30pm

Thank you for your answers.
I'll use the "Force CCMP (AES)" setting then.

system · July 2, 2019, 2:44pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.