[Off topic] Difference between wpa: tkip & aes
Jouni Malinen
jkmaline
Mon Nov 7 18:59:44 PST 2005
On Mon, Nov 07, 2005 at 09:29:34PM +0200, Jar wrote:
> But sometimes data packets show both CCMP and TKIP and sometimes just
> CCMP. I don't know what it means?
It means that the sniffer did not have enough information to determine
whether the frame was using TKIP or CCMP. I don't know what you are
trying to do, but it is just not feasible to determine whether any
single frame is encrypted with TKIP or CCMP. If you need this
information, you will need to do stateful inspection of the WPA
handshake to figure out what kind of encryption was configured.
As far as weak IVs are concerned, the tool you are using is probably
just not clever enough to realize that they do not apply to TKIP or
CCMP. Duplicate IVs could be layer two retransmissions of the same
packet.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list