Rodahn: Short answer, yes. WPA2-PSK (AES) falls under the general umbrella of WPA2 EAS.
This all gets confusing, though, so...
WPA and WPA2 have two components - authentication and encryption.
For authentication, they support PSK and EAP.
- PSK -- Pre-Shared Key. That is, you have manually shared a common key with all the network clients. This is typical for home networks.
- EAP -- Extensible Authentication Protocol. There is no shared key; clients authenticate with the WiFi access point through a 3rd-party authentication server (ex. RADIUS) using EAP. This is more common in larger corporate networks where stolen laptops = stolen network keys, and where changing a shared key for hundreds of users would be a major pain in the ***.
For encryption, WPA2 supports TKIP or AES. WPA supports TKIP and may support AES as well, but is not required to. This is really the only difference between WPA and WPA2.
- TKIP -- Temporal Key Integrity Protocol. This is based on the RC4 (Rivest Cipher 4) algorithm. TKIP is very similar to what was used in WEP. While they've patched some of the more serious issues, RC4 is not a very strong cipher these days. This is why SSL has been replaced by TLS for years. WPA/WPA2 is just behind the curve.
- AES -- Advanced Encryption Standard. Original known as Rijndael, it became known as AES when it won the AES2 competition. Specifically, WPA and WPA2 use AES-256, which uses the longest allowed key length for AES (256 bits). AES along with Serpent and (arguable) Twofish are arguably the strongest published symmetric ciphers in the world.
- TKIP+AES -- This just means that the router offers both encryption types. It exists so that WPA2 routers can support some old WPA clients that can only use TKIP
The TL;DR version:
WPA2 is backwards and forwards compatible with WPA. Meaning that if your router supports WPA2, you may as well use it even if all of your clients are currently WPA devices.
For WPA2, use TKIP+AES or just plain AES if you know that none of your clients need TKIP (some old WPA devices). It's "safe" to leave TKIP support enabled even if no one is making use of it. Thus, TKIP+AES is by far the easiest configuration since it should support all WPA and WPA2 clients.
As far as I know, WPA routers don't have a TKIP+AES mode. The either only allow AES, or only allow TKIP. In this case, you should definitely use AES mode if you can (i.e., if all clients support it). Use TKIP only if you must support some old WPA client that can't use AES. Doing this will force WPA2 and newer WPA devices to use the weaker TKIP encryption. In this case, consider either getting rid of/upgrading the old TKIP clients, or upgrading your router to to WPA2 so that you can use TKIP+AES.
|
). I'm mainly looking for something just to keep anyone from randomly connecting to my network, which would most likely be by accident; keep in mind I don't live in the most technologically advanced area.