TKIP encryption and xsupplicant

Jouni Malinen jkmaline
Mon Jan 24 19:12:39 PST 2005

On Mon, Jan 24, 2005 at 10:32:21AM -0800, Dani Camps wrote:

> I want to set up a 802.1X authentication scheme for my
> wlan. I have an AP with WPA support, when I enable the
> support it allows me to choose between two different
> encryption methods TKIP and AES, I think TKIP is an
> extension of WEP by I don't know anything about AES,
> what is this AES ?

AES defines the encryption algorithm used with CCMP (IEEE 802.11i,
WPA2). Block cipher called Rijndael was selected as the new encryption
standard, AES, i.e., Advanced Encryption Standard, to replace dES.

> So far I was using xsupplicant in my fedora core 3,
> but when I started it there were some errors about the
> encryption, it was saying that it didn't detect any
> encryption, but I had the same key configured in the
> AP and in my wlan card. So is it possible that the
> problem comes form the fact that xsupplicant doesn't
> support TKIP, that is what I had in the AP and to do
> all the key management stuff I need wpa_supplicant ?

It's not about TKIP, but about the key management part of WPA. The
xsupplicant version in Fedora core 3 does not likely have WPA support.
The latest development version of xsupplicant seems to include some
support for WPA, so you should be able to choose between xsupplicant and
wpa_supplicant. Taken into account that this is the mailing list for
Host AP and wpa_supplicant, it should be easy to guess which one I would
recommend ;-).

> TKIP is basically like WEP but the keys are renewed
> periodically, isn't it ?

TKIP uses different RC4 key for each packet and in addition, includes
somewhat stronger data authentication with Michael MIC.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list