I already covered the second "secret" in this article, but it bears repeating. In the pre-11n days, I had stopped testing wireless products for WEP-enabled throughput reduction. The reason was that all products had built in the hardware encryption engine needed to handle the heavier calculations required by WPA and WPA2. So I no longer was able to find a throughput reduction greater than my measurement technique could detect.
But all that changed with draft 11n.
My testing has shown a 28 to 75% reduction in draft 11n product throughput with WEP enabled, with the Atheros chipset turning in the highest reduction (Figure 5) and the Marvell the least (Figure 4).
Figure 4: Security mode throughput loss - downlink
Even WPA/TKIP has shown throughput hits of 35 to 77%. The Atheros and Marvell chipsets again turn in the highest and lowest throughput reductions respectively (Figure 5).
Figure 5: Security mode throughput loss - uplink
So it would seem that WPA2 which uses AES, is the only way to go for draft 11n wireless security. But, even then, the data shows that uplink throughput loss with WPA2 can still be significant, i.e. up to 35%!
In contrast, Figure 6 shows security mode performance that you can expect from a typical < $50 802.11g router. The plot shows a comparison of throughput with WEP 128, WPA/TKIP, WPA2 and no encryption for a Trendnet TEW-452BRP router and matching TEW-441PPC notebook card. All three security modes have performance within 5% of unencrypted performance, which is within the resolution of the measurement technique.
Figure 6: Security mode throughput loss - Trendnet TEW-452BRP
By comparison, Figure 7 shows the same mode comparison for a D-Link DIR-655 draft 11n router and DWA-652 Notebook card.
Figure 7: Security mode throughput loss - D-Link DIR-655
This time you see an almost 80% throughput loss for WEP128 and WPA/TKIP!