Opened 3 years ago

Last modified 3 years ago

#18120 new enhancement

Disable TKIP + WPA1 by defalut (btw. set WPA2+AES) by renamig in luci

Reported by: anonymous Owned by:
Priority: normal Milestone:
Component: luci Version: Trunk
Keywords: Cc:


Please change naming of Encryption in the following kind:

No Encryption, WEP Open System, WEP Shared Key, WPA-PSK, WPA/WPA2 Mixed mode and WPA-EAP
and add "(insecure)" or "(weak)" in behind.

So the only two Encryption kinds that did not have (insecure) or (weak) in behind are "WPA2-PSK" and "WPA2-EAP".

In Cipher please remove "auto" (its unclear what it does if not reading the source-code) and please change the other 3 ones to:

From "Force CCMP (AES)" to --> "CCMP (AES)"
From "Force TKIP" to --> "TKIP (RC4) (weak/insecure)"
From "Force TKIP and CCMP (AES)" to --> "TKIP (RC4) and CCMP (AES) (weak/insecure)"

Reason of renaming is because not every user know the cryptography in behind of the ciphers and sometimes i saw, that users have read somewhere, that "WPA instead of WEP" should be used and then they take "WPA-PSK" and set "auto" (automatic is always good). Now they have WPA-PSK-TKIP that is known to not be really secure.

An second reason is also the certification service Wi-Fi Alliance. Since 2011 they did not certificate AP's that support TKIP. Since 2012 they did not certificate Devices that support TKIP. Since 2014 they only certificate devices that supports WPA2 (PSK or EAP) with CCMP (AES) only.

I think everyone here understand that the new rules of the Wi-Fi Alliance makes sense.

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by anonymous

Secure defaults and clarifying descriptions are fine, but please make sure before other changes that compatibility with older devices is not broken. The WiFi alliance does not mean a whole lot to me or 99.9% of any other users, not much more than the spook infested IETF - weren't they the crew who came up with WPS which gave birth to Reaver?

Add Comment

Modify Ticket

as new .

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.