#18120: Disable TKIP + WPA1 by defalut (btw. set WPA2+AES) by renamig in luci
-------------------------+-------------------
Reporter: anonymous | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: luci | Version: Trunk
Keywords: |
-------------------------+-------------------
Please change naming of Encryption in the following kind:
No Encryption, WEP Open System, WEP Shared Key, WPA-PSK, WPA/WPA2 Mixed
mode and WPA-EAP
and add "(insecure)" or "(weak)" in behind.
So the only two Encryption kinds that did not have (insecure) or (weak) in
behind are "WPA2-PSK" and "WPA2-EAP".
In Cipher please remove "auto" (its unclear what it does if not reading
the source-code) and please change the other 3 ones to:
From "Force CCMP (AES)" to --> "CCMP (AES)"
From "Force TKIP" to --> "TKIP (RC4) (weak/insecure)"
From "Force TKIP and CCMP (AES)" to --> "TKIP (RC4) and CCMP (AES)
(weak/insecure)"
Reason of renaming is because not every user know the cryptography in
behind of the ciphers and sometimes i saw, that users have read somewhere,
that "WPA instead of WEP" should be used and then they take "WPA-PSK" and
set "auto" (automatic is always good). Now they have WPA-PSK-TKIP that is
known to not be really secure.
An second reason is also the certification service Wi-Fi Alliance. Since
2011 they did not certificate AP's that support TKIP. Since 2012 they did
not certificate Devices that support TKIP. Since 2014 they only
certificate devices that supports WPA2 (PSK or EAP) with CCMP (AES) only.
I think everyone here understand that the new rules of the Wi-Fi Alliance
makes sense.
--
Ticket URL: <https://dev.openwrt.org/ticket/18120>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
