[Off topic] Difference between wpa: tkip & aes

Bryan Kadzban bryan
Sun Nov 6 05:21:48 PST 2005


Jar wrote:
> When I capture some packets with wireless sniffer and then comparing
> these two methods (tkip/aes), I can't see no dirrerence. In both
> cases the APs beacon probes looks like the same

Well, with WPA-PSK, the beacons would only differ by a small number of
bytes, I think.  The only thing that would change is the pairwise (and
possibly group, but I don't know for sure what Linksys's APs use for
broadcast when in WPA-PSK/AES mode) encryption method, and that's stored
in just one byte in the WPA IE.

With WPA2, that one byte would change from a 01 to a 02, but I'm not
sure which values it would take on with WPA.

> and also the data packets seems to be only TKIP/WEP protected in both
> cases.

How did you come to that conclusion?  Were you looking at directed
packets, or broadcast/multicast packets?

> It is also possible to select WPA2-PSK and then again two
> alternatives: TKIP and AES. Can someone explain the magic behind
> these modes?

See:

http://mail.iocaine.com/pipermail/hostap/2005-November/011725.html

from 4 days ago, and also Jouni's followup (I had a few things wrong in
that post).

> I want to use WPA-PSK with AES. What should I look for in the sniffed
> packets to ensure that the encryption uses AES and not TKIP/WEP?

What makes you think they're using TKIP now?  I guess I always assumed
that the encryption method matched what I had configured on both the
client and AP sides, so I never figured out how to tell the difference
just by looking at data packets.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20051106/8de7647e/attachment.pgp 



More information about the Hostap mailing list