Is it possible to force greater than 128-bit strength when using AES-CCM mode?

Martes G Wigglesworth mailinglistmember
Wed Sep 14 06:17:37 PDT 2011

Greetings list.

I was wondering why there is no switch or parameter to increase the 
"bit-strength" of the encryption algorithm under AES above 128-bit.

I also would like to know if I am simply misunderstanding the 
implementation.  The man page has always indicated that a "256-bit" hex 
key can be used in place of a passkey, however, I am a bit confused as 
to why the interface information always will indicate 128-bit AES-CCM.

Please reference the following:

wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         inet netmask 0xffff0000 broadcast
         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g *<hostap>*
         status: running
         ssid wireless-2 channel 1 (2412 MHz 11g) bssid 00:1b:2f:37:02:46
         country US ecm *authmode WPA privacy MIXED deftxkey 2*
*AES-CCM 2:128-bit* txpower 23 scanvalid 60 protmode CTS wme burst
         dtimperiod 1 -dfs

Does hostapd implement anything higher than a 128-bit encryption 
strength, or am I simply confused as to what I am using for reference?

I am running hostapd version 0.7.3 on a FreeBSD-8.2 router.


Martes G Wigglesworth
M. G. Wigglesworth Holdings, LLC

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Hostap mailing list