pairwise vs group
alfred hitch
alfred.hitch
Tue Dec 27 22:24:58 PST 2005
I have a small question.
Is group cipher key from AP to client same as client to AP ?
as in it's a symmetric key ?
Alfred
On 12/27/05, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> On Wed, Dec 28, 2005 at 04:18:56AM +0000, Lucia Di Occhi wrote:
>
> > I have a linksys wrt54g configured with WPA2 and TKIP+AES which from what I
> > understand it means it will support both TKIP and AES. My wpa_supplicant
> > configuration is as follows "just because it works" really :-)
>
> WPA2?
>
> > network={
> > ssid="myssid"
> > proto=WPA
>
> This is not WPA2..
>
> > I have noticed that I can change pairwise to TKIP and it will still work,
> > but it will not work at all if group is set to CCMP. Now, my question is:
> > what in the word is my laptop doing, is it using AES? Any reason why it
> > will not work with group=CCMP?
>
> In WPA and WPA2/802.11i, it is possible to configure the AP to support
> multiple pairwise (unicast) ciphers. However, only one group cipher is
> used and it will be the weakest of allowed pairwise ciphers since all
> stations need to be able to receive the broadcast/multicast frames. This
> is why you can use either TKIP or CCMP as pairwise cipher, but only TKIP
> as group cipher. CCMP can be used as group cipher only if it is the only
> allowed pairwise cipher.
>
> > I guess my real question is what is the difference between group and
> > pairwise?
>
> Group cipher is used for multicast (including broadcast) frames and it
> must be understood by all associated stations. Pairwise cipher is used
> for unicast frames and it needs to be understood by the AP and each
> stations separately (i.e., different stations can use different pairwise
> ciphers).
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
More information about the Hostap
mailing list