
Jason Cohen
join:2004-11-06 Waltham, MA
reply to Jason Cohen Re: Questions about WPA2 and WPA
I read the NIST "Guide to IEEE 802.11i: Robust Security Networks" yesterday [»csrc.nist.gov/publications/draft···p800-97]. I have read on various sites as well as on this forum that both WPA and WPA2 use unique encryption keys for each frame. However, the NIST document states that "CCM uses a new Temporal Key every session with every new STA-AP association. Unlike TKIP, the use of AES at the core of CCM obviates the need to have per-packet keys. As a result, the two-phase key mixing functions of TKIP encapsulation are not present in the CCMP encapsulation." Thus, the encryption key used in WPA2 remains the same until you re-authenticate with the RADIUS server which generates a fresh PMK whereas in TKIP "A two-phase cryptographic key-mixing process occurs to produce a new key for every frame that is transmitted. The process takes a session Temporal Key along with the dynamically changing TSC to create a dynamic WEP key."

So, is there any safe limit to the amount of data or the number of packets that is safe to encrypt with the same Temporal Key? I routinely stream TV shows from my MythTV server over the wireless network. The recordings are appx. 7 mbit/sec (as they're MPEG-2). This leads to massive amounts of data being transferred in the same session. So, for example, yesterday after watching two shows, Windows said that I had received 2 million packets, and sent 4 million, in a period of 2 hours. The total amount of data transferred was around 6 GB. Is this safe? I would think that as a single AES encryption key can be used to encrypt HDs with hundreds of GBs of data, this shouldn't be an issue, but I wanted to verify that it is in fact a safe practice.

jbibe Premium,MVM join:2001-02-22
said by Jason Cohen:
"So, is there any safe limit to the amount of data or the number of packets that is safe to encrypt with the same Temporal Key? I routinely stream TV shows from my MythTV server over the wireless network. The recordings are appx. 7 mbit/sec (as they're MPEG-2). This leads to massive amounts of data being transferred in the same session. So, for example, yesterday after watching two shows, Windows said that I had received 2 million packets, and sent 4 million, in a period of 2 hours. The total amount of data transferred was around 6 GB. Is this safe? I would think that as a single AES encryption key can be used to encrypt HDs with hundreds of GBs of data, this shouldn't be an issue, but I wanted to verify that it is in fact a safe practice."

CCM requires a new key for every session. It also requires a unique nonce value for each frame protected by the key. CCMP uses a unique 48-bit packet number for each frame.
Your downloads are not significant, even if your computer remains connected for extended periods of time. I recommend that you turn your computer off on a regular basis, but leaving it on for one day should not cause any security concerns.