How can I find out what is changing my wireless encryption from AES to TKIP automatically?

1

I have a wireless connection using WPA2-Personal as the security type, and I've set the Encryption type to TKIP. However, without my intervention, the encryption type will change from TKIP to AES, and I have no clue what is causing this. When the encryption type does change, Windows takes forever to establish a socket connection, so it's obviously very annoying to have to change the encryption type so often back to TKIP. Is there some logged activity that will show me what's changing the encryption type?

Paul Gibler

Posted 2013-06-24T15:02:22.447

Reputation: 11

How are you detecting that the encryption has been changing? In the UI of the router or in what the client (windows) reports when you connect? – Scott Chamberlain – 2013-06-24T15:06:11.620

1Sounds like your router's configuration is being reset. Are you sure you save then apply the changes. Have you tried to update the router's firmware to see if the problem goes away. – Ramhound – 2013-06-24T15:07:37.520

@ScottChamberlain I'm noticing this error occurring on the Windows wireless connection client – Paul Gibler – 2013-06-24T15:19:53.503

Answers

0

For most intents and purposes, WPA2 is AES (AES-CCMP). WPA was TKIP, but WPA2 is AES. The other differences between WPA and WPA2 are all quite minor in comparison.

Pure WPA2 is AES only, but the WPA2 spec does allow for an optional "WPA2 mixed mode", where AES is of course available and preferred, but TKIP is available for legacy devices (mostly old 802.11b devices from before 2003, or a few lame 802.11a or maybe 802.11g devices from 2002-2003) that support TKIP but not AES. Even the earliest 802.11g chipsets from 2003 contained hardware support for AES, so keeping TKIP enabled in any way is mostly for history buffs who still have decade-old devices on their networks.

If your AP (Wi-Fi router) supports WPA2, and your client supports WPA2, you should use WPA2 (AES-CCMP) in both places. It doesn't make sense to configure a client for WPA2 and then insist it use the old troublesome TKIP encryption from WPA.

Also note that 802.11n requires AES-CCMP encryption if you're going to use encryption at all. Most TKIP and WEP implementations can't keep up with the data rates of 802.11n, so the IEEE decided to require AES encryption for 802.11n networks that require encryption. So that's another possibility; if you're setting WPA2 on your client, and still trying for some reason to insist on troublesome TKIP, but then you're trying to associate to an 802.11n-capable network, it may be that your software or hardware is being smart on your behalf and upgrading you to AES instead of downgrading your data rates to A/B/G rates instead of N rates.

Spiff

Posted 2013-06-24T15:02:22.447

Reputation: 84 656

Asked: 2013-06-24T15:02:22.447

Viewed: 2 386 times

Active: 2019-11-09T19:02:25.347