What is the key difference between WPA2-PSK (TKIP), WPA2-PSK (AES),
and WPA2-PSK (TKIP/AES)
Source: Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both?
TKIP and AES are two different types of encryption that can be used by
a Wi-Fi network. TKIP stands for “Temporal Key Integrity Protocol.” It
was a stopgap encryption protocol introduced with WPA to replace the
very-insecure WEP encryption at the time. TKIP is actually quite
similar to WEP encryption. TKIP is no longer considered secure, and is
now deprecated. In other words, you shouldn’t be using it.
AES stands for “Advanced Encryption Standard.” This was a more secure
encryption protocol introduced with WPA2, which replaced the interim
WPA standard. AES isn’t some creaky standard developed specifically
for Wi-Fi networks; it’s a serious worldwide encryption standard
that’s even been adopted by the US government. For example, when you
encrypt a hard drive with TrueCrypt, it can use AES encryption for
that. AES is generally considered quite secure, and the main
weaknesses would be brute-force attacks (prevented by using a strong
passphrase) and security weaknesses in other aspects of WPA2.
In summary, TKIP is an older encryption standard used by the old WPA
standard. AES is a newer Wi-Fi encryption solution used by the
new-and-secure WPA2 standard. In theory, that’s the end of it. But,
depending on your router, just choosing WPA2 may not be good enough.
While WPA2 is supposed to use AES for optimal security, it also has
the option to use TKIP for backward compatibility with legacy devices.
In such a state, devices that support WPA2 will connect with WPA2 and
devices that support WPA will connect with WPA. So “WPA2” doesn’t
always mean WPA2-AES. However, on devices without a visible “TKIP” or
“AES” option, WPA2 is generally synonymous with WPA2-AES.
what's the best solution for home / work network? Thanks.
It's all covered in the rest of the above article:
On most routers we’ve seen, the options are generally WEP, WPA (TKIP),
and WPA2 (AES) — with perhaps a WPA (TKIP) + WPA2 (AES) compatibility
mode thrown in for good measure.
If you do have an odd sort of router that offers WPA2 in either TKIP
or AES flavors, choose AES. Almost all your devices will certainly
work with it, and it’s faster and more secure. It’s an easy choice, as
long as you can remember AES is the good one.