Triple DES vs WPA, WPA2 and WPA PSK?

[dareys]

Greetings,

I am currently evaluating providers of secure network connectivity, in light
of problems I have had over a number of years.

Over time I have read about encryption algorithms as related to other
software products, so I have a basic understanding and have a lot to read,
but was wondering if anyone with knowledge and experience in the topic could
help.

Specifically, what is more secure? Tripple DES? WPA? WPA-2? WPA-PSK?

Thank you.

Jean-Pierre

I

Regards,

Jean-Pierre

 

[Lem]

Greetings,

I am currently evaluating providers of secure network connectivity, in light
of problems I have had over a number of years.

Over time I have read about encryption algorithms as related to other
software products, so I have a basic understanding and have a lot to read,
but was wondering if anyone with knowledge and experience in the topic could
help.

Specifically, what is more secure? Tripple DES? WPA? WPA-2? WPA-PSK?

Thank you.

Jean-Pierre

I

Regards,

Jean-Pierre

"Triple DES" is not used for wireless network encryption. In any event,
the Data Encryption Standard (which is what DES stands for) is an older
and less secure encryption technique than AES (Advanced Encryption
Standard) used in WPA2.

You should also be aware that "WPA2" and "WPA" are certification
programs sponsored by the WiFi Alliance, an industry organization. If
you want technical details, see the IEEE 802.11i standard.

As usually used, WPA2 is more secure than WPA. WPA2 uses an AES-based
cipher cipher algorithm, while WPA uses the less-secure RC4 cipher.

The "PSK" suffix, which can be used with either WPA2 or WPA, refers to
the use of a pre-shared key. The full 802.11i standard requires the use
of an 802.1X authentication server. Recognizing that the provision of
such a server is often beyond the means (technical and/or financial) of
home users and small business users, the WiFi Alliance included a
"personal" mode for WPA and WPA2 which does not use an authentication
server. Instead, the key is "pre-shared" among all of the clients.
Personal mode WPA or WPA2 is less secure than "enterprise" mode, which
does use an authentication server.
--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm

 

[dareys]

Lem,

Thank you for the response. Yes, I read about Triple DES. Frankly, with the
actual computing speed, I figured an algorithm that is breakable in 3 hours
(e.g. DES) and its variation, Triple DES, which also dates 1974 - 1977,
cannot be that secure.

I am floored that an internet provider would sell me this as a secure and
unbreakable connection.

I am glad I checked, but based on what I read and what I know about the
topic and computing, there has to be better. I will read some more and hope
for other answers to confirm yours, but I was skeptical from the start.

Regards,

Jean-Pierre

 

[Jack-MVP]

Hi
Maybe this can further Help.
From the weakest to the strongest, Wireless security capacity is.
No Security
Switching Off SSID (same has No Security. SSID can be easily sniffed even if
it is Off)
MAC Filtering______(Band Aid if nothing else is available, MAC number can be
easily Spoofed).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
-------------------
The three above are Not considered safe.
Safe Starts here at WPA.
-------------------
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP bellow SP3 and did not updated it, you would have
to download the WPA2 patch from Microsoft.
<http://support.microsoft.com/kb/893357>
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according what ever is the best possible
of one of the Wireless devices.
I.a. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max . of
WEP, to whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
The Core differences between WEP, WPA, and WPA2 -
<http://www.ezlan.net/wpa_wep.html>
Jack (MVP-Networking).

 

[dareys]

Jack,

Nice to hear from you again and for your continued support. This is a very
succinct and nice summary and I appreciate it.

Unfortunately, I believe this applies only to wireless connections and I am
also investigating Wide Area Network connectivity from a purchased PMCIA or
USB dedicated roaming connection from people like IUSACELL.

They are selling Tripple DES which as far as I know, is pretty old, slow and
breakable technology from the 70s. There has to be something better, AES?
Now...

If you can add any information regarding this issue, I would appreciate it
although it might be something that is out of your scope.

However, as always, thank you for your help.

Jean-Pierre

 

[John Wunderlich]

They are selling Tripple DES which as far as I know, is pretty
old, slow and breakable technology from the 70s. There has to be
something better, AES? Now...

While basic DES is considered "broken", Tripple-DES in all the 30-odd
years it has been around still hasn't. Some consider the newer
algorithms "better" but, then again, they haven't survived the years of
attacks that 3DES has. Many still use/prefer 3DES.

-- John

 

[dareys]

John,

Thank you for the feedback.

From what I have read, and the feedback I have received, Tripple DES is a
bit like the AES wireless standard, and I believe things have improved since
that.

As far as I am concerned, with the increasing computing power available,
anything can be broken. It is just a matter of time and ressources.

Obviously, some things make take ridiculous amonts of both and real
malicious intent but are nonetheless possible.

It is just a matter of time. I would lean towards newer algorithms, as much
has been learned since DES or Tripple DES in terms of how to break them.

But I am not discounting your opinions and I thank you for your time.

Jean-Pierre