The Glade 4.0

Quick question: what wireless security measures offer the least latency? I'm not terribly concerned about neighbors suberting my precautions...my router only possibly extends one house over, to the little old lady whose most pressing matter is cutting her grass every other day ( ). I'm mainly looking for something just to keep anyone from randomly connecting to my network, which would most likely be by accident; keep in mind I don't live in the most technologically advanced area.

My favorite option is MAC address filtering (mainly because it's the simplest), but I was wondering if anyone knew how much latency that adds versus things like WEP, WPA, etc.

MAC filtering adds virtually no latency. The MAC is part of the unencrypted header of the packet, and thus it's a simple table look-up. It should be noted, however, that the security it provides is pretty limited -- if you're a malicious person to begin with, you'll have the tools to snoop traffic (which, if unencrypted, means they can still see any data you send/receive) and spoof a valid MAC for their own access. Which leads us to encryption..

Unless your router is really getting long in the tooth, WPA shouldn't be horrific, either. I haven't ever done specific testing (hmm...), but I'd be amazed if it amounted to more than 5ms or something.

There's no excuse to not encrypt, in my mind. Especially if you handle any money matters online.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

Did your router support WPA and/or WPA2 out-of-the-box? Because if so, it's pretty well safe to say that any performance difference vs. an unencrypted network will be negligible. There's really no reason not to be running WPA2+AES if your router supports it. WEP is trash and should not be used. Ever. For the record, it's probably slower than WPA or WPA2 anyway.

Incidentally, if your router is decent, you can probably disable the SSID broadcast. The will create problems for you if you have any devices that aren't able to connect to "hidden" WiFi networks, though. I'm not sure if this is supported by the current gen of game consoles supports this or not.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

Current gen game consoles will support non-broadcast SSIDs. I stopped hiding mine because my laptop wouldn't always pick it up if it was coming out of hibernation, though.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

This is my router, for what it's worth.

Netgear RangeMax Wireless-N Gigabit Router Model No. WNR3500

It'll WPA fine. Use 2 if everything you've got supports it.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

My devices list is as follows:

MacBook Pro
iMac
PC with Linksys Wireless USB Adapter
Xbox 360
Playstation 3
Nintendo DSi
Sony PSP

My Mac Pro for work is running wired internet, so that's not an issue.

Honestly, I'm not well-versed enough on networking to be cognizant of what encryption methods each support.

Hmm. What generation iMac? And I don't know about the PSP. The rest look good off the top of my head.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

Uh...no idea. The iMonitor. Whichever generation that one is (Help me, Obi-Wan KenKatas, you're my only hope!)

The iMac will support WPA, as will the PSP. However, I'm not sure about the DSi. I know that the DS lite only does WEP, and I'm not sure if they upgraded that.

DSi upgraded to WPA(2, I believe) capable.

And I just realized I'm a moron, considering I've seen the iMac in question, in person.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

OS X hardware supports WPA 2 since 10.3 with modern hardware, and 10.3 in OS X terms is like Windows 98 at this point.

FarSky has 10.5 or maybe 10.6 and his equipment is more modern than my Mac by a couple months at least.

_________________
Once, I was a ranger
Then, I was a warlock
And a mage
And a paladin
Now, I seek to be myself

Even my hackintosh PC has 10.8 >.>

10.6 is the latest commercial release... you just outed yurself as... FROM TE FUTARRR!

Wait, what? Whatever the latest version before Snow Leopard was, that's what I have. Edit - 10.5.8 is what I meant.

I'm currently trying to optimize my wireless connections. PS3 manual says it supports WAP-PSK (AES) -- is this the same as WAP2+AES? If not, does any other PS3 owner know if WAP2 connection support was added?

Rodahn, you're mixing something up. There is WEP, wired equivalent protocol, which is pretty lousy as it can be fairly easily sniffed and duplicated.

Then, there's WPA, which I don't recall the meaning of, and WPA2, which are more robust. AES is one of the two encryption algorithms WPA can use.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

Works Progress Administration, created during the Roosevelt administration.

Seriously, Wi-Fi Protected Access.

_________________
"If you haven't got anything nice to say about anybody, come sit next to me." - Alice R. Longworth

"Good? Bad? I'm the guy with the gun." - Ash Williams

Rodahn: Short answer, yes. WPA2-PSK (AES) falls under the general umbrella of WPA2 EAS.

This all gets confusing, though, so...

WPA and WPA2 have two components - authentication and encryption.

For authentication, they support PSK and EAP.

• PSK -- Pre-Shared Key. That is, you have manually shared a common key with all the network clients. This is typical for home networks.
• EAP -- Extensible Authentication Protocol. There is no shared key; clients authenticate with the WiFi access point through a 3rd-party authentication server (ex. RADIUS) using EAP. This is more common in larger corporate networks where stolen laptops = stolen network keys, and where changing a shared key for hundreds of users would be a major pain in the ***.

For encryption, WPA2 supports TKIP or AES. WPA supports TKIP and may support AES as well, but is not required to. This is really the only difference between WPA and WPA2.

• TKIP -- Temporal Key Integrity Protocol. This is based on the RC4 (Rivest Cipher 4) algorithm. TKIP is very similar to what was used in WEP. While they've patched some of the more serious issues, RC4 is not a very strong cipher these days. This is why SSL has been replaced by TLS for years. WPA/WPA2 is just behind the curve.
• AES -- Advanced Encryption Standard. Original known as Rijndael, it became known as AES when it won the AES2 competition. Specifically, WPA and WPA2 use AES-256, which uses the longest allowed key length for AES (256 bits). AES along with Serpent and (arguable) Twofish are arguably the strongest published symmetric ciphers in the world.
• TKIP+AES -- This just means that the router offers both encryption types. It exists so that WPA2 routers can support some old WPA clients that can only use TKIP

The TL;DR version:

WPA2 is backwards and forwards compatible with WPA. Meaning that if your router supports WPA2, you may as well use it even if all of your clients are currently WPA devices.

For WPA2, use TKIP+AES or just plain AES if you know that none of your clients need TKIP (some old WPA devices). It's "safe" to leave TKIP support enabled even if no one is making use of it. Thus, TKIP+AES is by far the easiest configuration since it should support all WPA and WPA2 clients.

As far as I know, WPA routers don't have a TKIP+AES mode. The either only allow AES, or only allow TKIP. In this case, you should definitely use AES mode if you can (i.e., if all clients support it). Use TKIP only if you must support some old WPA client that can't use AES. Doing this will force WPA2 and newer WPA devices to use the weaker TKIP encryption. In this case, consider either getting rid of/upgrading the old TKIP clients, or upgrading your router to to WPA2 so that you can use TKIP+AES.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.