how-to block ads
|
|
Uniqs:
2168 |
Share Topic
 |
 |
|
|
|
| WPA-PSK with AES-CCMP or TKIP [I originally posted this in the "Security" forum but it only had one reply. This seems like a much more appropriate spot so I am reposting it.]
I am trying to understand the basic differences between WPA-PSK used with aes-ccmp and WPA-TKIP, and which would be considered more secure to use in a PSK setup.
The hardware and software used allows for both the PC and router to communicate using WPA-PSK and either aes-ccmp, or TKIP.
When either aes-ccmp, or TKIP are used, the PC's 802.11g wireless client software reports that both the Pairwise and Group ciphers are using either aes-ccmp or TKIP. There software reports that there are no instances of WEP present as a combination in the Pairwise or Group ciphers.
The Group Key Renewal period is 10 minutes (600 seconds).
The passphrase used is a full 63 characters long with each character used only once in the phasphrase. (If an upper case letter is used, then the same letter is not used as a lowercase).
Given this setup, does the use of aes-ccmp or TKIP provide greater security and how/why?
How does one determine the number of bits of encryption achieved when typing in a passphrase, as opposed to hex numbers?
Is it correct that using aes-ccmp TKIP allows for a greater number of possible keys (than TKIP), that the algorithm is virtually unbreakable when 256 bits are used, and that this would be the preferred over TKIP.
Is it also correct that a setup with WPA-PSK using aes-ccmp (and a 63 character passphrase) would negotiate the initial association with 256 bit encryption using a virtually unbreakable algorithm. From that point on every ten minutes a new Group key would be generated and exchanged also that same level of encryption.
Am I understanding the basics correctly?
Thanks. | |
DSLrgmPremium,MVM
join:2002-08-22
Oak Park, MI | Where to start....
TKIP was designed for hardware that will not support CCMP. And you cannot mix. To go with CCMP, all devices MUST support CCMP.
When we say, 'TKIP' we are actually saying, 'TKIP plus MICHAEL'. TKIP is RC4 with very good key mixing. MICHAEL is a 32 bit Message Integrity Check (MIC). CCMP is running AES in Counter Mode and using a CBC-MAC for the MIC. Also CCMP ***ONLY** supports 128bit AES. There is NO support, in the spec for 256bit AES. No need.
Generally, CCMP will be faster than TKIP/MICHAEL. MICHAEL, being only 32bits is open to attack and defends against attack by shutting down the AP for a second then forces a rekey.
TKIP is strong and well done by today's standards, but MICHAEL, well we did the best with what we had.
So more on the risks with MICHAEL and speeds, you should be using CCMP.
Now as too how to determine the number of bits of encrryption. You really mean (I hope) the number of bits of entropy in the key which equates to the attack space. Go get Richard Smith's boot "Authentication". He has a whole chapter on this, so I am NOT going to try and write that up here! Oh a a hex key that ends up looking just like some many characters ain't any good either!
The Pairwise Transient Keys (PTK) coming out of the 4-way handshake are always 128bits. Well actually there is this whole key expansion and division so that each function gets its own 128 bit key.
I hope this helps. I just got off a redeye and not too interested in going a lot into this. | |
| reply to Birds0
DSLrgm, thanks for the reply - especially after a Redeye.
Continuing on...
PSK using AES-CCMP is employed. Now comes the part of how to choose a secure passphrase.
I was wondering if the following two methods would result in sufficiently strong passphrases to stand up to an offline dictionary attack for up to a year if someone were to sniff the association packets.
1) Using Diceware word list to generate about 15 words (appears to provide about 2.297e+58 possible combinations)
2) Creating a 6x6 grid and filling it with letters, numbers, symbols and rolling two dice to create 63 random characters (appears to provide about 1.114e+98 possible combinations)
It would appear to me that either of these would result in strong passphrases that would take at least a year or two (or more?) to break and be enough to encourage a wardriver or hacker to move on.
Am I missing something? | |
|
