Old wireless B cards + WPA2 not working

[INH]

I have had a Linksys WRT54G router for quite a while, and just today I decided that I needed to secure my network. Accordingly, I went to my router setup webpage and set it to use WPA2 encryption with the AES algorithm. Unfortunately, two of the computers in my house use old (very old) wireless-B Linksys WMP11 PCI cards, and they couldn't make heads or tails of this WPA2 thing. So, I went hunting around on the internet, and eventually found a fix that allowed me to connect them to my network when secured with WPA security and TKIP encryption. My question is: if they can connect to WPA with TKIP, shouldn't they be able to connect to WPA2 when running AES+TKIP encryption? From what I understand, setting your router to run with AES+TKIP encryption allows newer hardware to connect with the more secure AES algorithm, and older hardware to use the older TKIP algorithm. However, the WMP11 cards fail to connect when I use WPA2 with TKIP+AES encryption. Why is this?

[so0ky]

Because WPA is different than WPA2? UUHHHHHHHHHHH

[INH]

Yes, but as I understand it WPA2 with AES+TKIP means that it will accept computers trying to connect via either the AES algorithm or the TKIP algorithm. So, WPA2 with AES+TKIP functions as a sort of "compatibility mode" for older hardware that doesn't support AES, and allows my newer computers to connect via the newer, better algorithm, while still allowing my older computers to connect via the older, not-as-good algorithm. Except it's not working that way.

[so0ky]

Because your understanding is wrong.

AES + TKIP could mean either but it could also mean and.

[Dave@Bytes]

Not sure what your budget is, but maybe you should just phase out that old technology and get a couple new wifi adapters for those computers. I've been doing the same around my place.

[INH]

So the info posted by Ovid Kafka on this page is incorrect?

[so0ky]

Probably not. I didn't read the whole thread, I'm referring to Ovid Kafka's most detailed response.

I'm going to quote two main paragraphs that he posts.

"WPA and WPA2 (and WEP) are entire standards, each of which may give a choice of encryption mechanism, a choice of Message Authentication Code (MAC) mechanism and a choice of user authentication mechanism. [Yes, MAC is an unfortunate acronym collision]"

Noticed I italicized the words "are entire standards."

And here is this paragraph...

"The prefered encryption mechanism for WPA2 is AES but TKIP is permitted for reasons of hardware compatibility. TKIP is still based on the RC4 encryption algorithm (the same one used by WEP) and therefore wireless equipment doing encryption in hardware can usually be upgraded with a firmware or software change from WEP to WPA or from WEP to WPA2 using TKIP, but not from WEP to WPA2 using AES."

I'm sure you have read the entire response. Where does he say that WPA2 is backward compatible with WPA?

I'm going to go ahead and wiki WPA2.

"The protocol certified through Wi-Fi Alliance's WPA program (and to a lesser extent WPA2) was specifically designed to also work with wireless hardware that was produced prior to the introduction of the protocol[2] which usually had only supported inadequate security through WEP. Many of these devices support the security protocol after a firmware upgrade. Firmware upgrades are not available for all legacy devices."

Wi-Fi Protected Access - Wikipedia, the free encyclopedia

This adds credibility to your original source. And note it isn't backward compatible. As I understand it, you have to do a firmware upgrade to allow your hardware to use WPA2. Even when you do that, you are going to be using the weaker "encryption mechanism."

[MCSA77]

WPA2-Personal is backwards compatible with the original WPA. Routers and access points may have selectable settings for WPA2-Personal only or a mixed mode, which means that you can run both WPA2- and WPA-capable wireless devices on the same network. Most users need to select a mixed setting if they have computers or devices that are not WPA2-Personal compliant. Computers equipped with WPA2-Personal–capable wireless cards will use the stronger WPA2 Advanced Encryption Standard (AES) encryption, while WPA only–capable devices will fall back to WPA. Personally I dont tust WPA (can be cracked).

Keith
A+,Networks+,Security+,MCP, MCSA