Wifi password VS MACs filtering - in terms of speed vs security

Background

First I need to say that I know how much better it is to secure the wifi network, even with WEP, than to not secure it at all, and I know there are threads asking similar questions, like "Is securing Wifi with MAC Filter enough?" and "Router password vs MAC filtering?".

However, I was told by a fellow of mine that it totally ruins the speed of the wifi by half, from 70 Mbps (without any password protection) to less than 30 Mbps (with password protection).

He offered to remove any password protection and use a list of specific MACs that will allow only specific devices to connect.

However, as far as I know, this allows others to sniff just about everything that is transmitted, so he said there is not much to sniff as the important websites (like ebay and paypal) are already secured via SSL and such.

My question

Is he right? Why would the wifi become so slow with a password? Does it mean that I would always have to choose between speed and security to such an extent? I thought that the encryption is very fast and can't slow down the internet connection that much...


Solution 1:

MAC filters are by no means strong if an adversary can sniff your network over a period of time, so you are correct there.

As for speed, it depends on a number of factors, but mainly comes down to how much you are taxing your device, and how fit it is for your use case. Encryption carries overhead with it, so the manufacturer designs their devices to have sufficient resources for the performance you want. In fact, wireless N was designed to use WPA2 or better and runs faster than with lesser encryption protocols.

If you have newer hardware, and a modest number of clients generating reasonable loads, I would expect you to see little to no difference over unencrypted. If you have an older router, however, or your clients are out of control, the overhead could drown your router.

Solution 2:

It's fairly trivial to defeat a MAC whitelist. A search for "mac address changer" will turn up a variety of options, and airmon-ng is commonly used to find out what MAC addresses are connected to a network.

As for encryption slowing you down, this is unlikely unless you're really using ancient hardware. Anything else will do the crypto in hardware, and should be designed with full throughput in mind.

But, if in doubt, it should be easy enough for you to run a quick test.
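
Why both answers treat the MAC list as weak, as an added example that is not part of either answer: the address fields of an 802.11 data frame sit in the MAC header, which is not encrypted even when the Protected bit is set under WPA2, so the filter checks a value that every station in range can read. The frame bytes, addresses and function names below are constructed for illustration, and only infrastructure (to-AP / from-AP) data frames are handled.

```python
def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_dot11_data_header(frame: bytes) -> dict:
    """Read the cleartext MAC header of an 802.11 infrastructure data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 data header")
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    if to_ds == from_ds:
        raise ValueError("ad-hoc/WDS frames are outside this example")
    a1, a2 = frame[4:10], frame[10:16]
    # Station -> AP: addr1 is the BSSID, addr2 the station. AP -> station: reversed.
    bssid, station = (a1, a2) if to_ds else (a2, a1)
    header_len = 24 + (2 if subtype & 0x8 else 0)  # QoS Control adds 2 bytes
    if len(frame) < header_len:
        raise ValueError("truncated QoS header")
    return {
        "protected": bool(flags & 0x40),   # payload encrypted (e.g. CCMP)
        "bssid": fmt_mac(bssid),
        "station": fmt_mac(station),       # the value a MAC filter compares
        "header_len": header_len,
        "body_len": len(frame) - header_len,  # CCMP header + ciphertext + MIC
    }

# Constructed sample: QoS data frame, station -> AP, Protected bit set.
SAMPLE = bytes.fromhex(
    "8841" "2c00"          # frame control (QoS data, ToDS|Protected), duration
    "020000000001"         # addr1: BSSID (constructed, locally administered)
    "0200000000aa"         # addr2: station (constructed)
    "020000000001"         # addr3: destination
    "1000" "0000"          # sequence control, QoS control
    "0100002000000000"     # CCMP header (packet number, ExtIV flag)
) + bytes(16)              # placeholder standing in for ciphertext + MIC

if __name__ == "__main__":
    info = parse_dot11_data_header(SAMPLE)
    print(f"protected={info['protected']} station={info['station']} "
          f"bssid={info['bssid']} opaque_body_bytes={info['body_len']}")
```

The station address is recovered without any key, which is why the allow-list only helps when it is layered on top of WPA2 rather than used in place of it.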