Is it possible to force greater than 128-bit strength when using AES-CCM mode?
Jouni Malinen
j
Wed Sep 14 08:28:11 PDT 2011
On Wed, Sep 14, 2011 at 09:17:37AM -0400, Martes G Wigglesworth wrote:
> I was wondering why there is no switch or parameter to increase the
> "bit-strength" of the encryption algorithm under AES above 128-bit.
I'm assuming you are talking about CCMP here which is based on AES-CCM.
CCMP is defined to use 128-bit key and block size in the IEEE 802.11
standard ("All AES processing used within CCMP uses AES with a 128-bit
key and a 128-bit block size"). As such, there is not much point in
hostapd or wpa_supplicant to provide parameters for trying to do
something that has not even been defined.
> I also would like to know if I am simply misunderstanding the
> implementation. The man page has always indicated that a "256-bit"
> hex key can be used in place of a passkey, however, I am a bit
> confused as to why the interface information always will indicate
> 128-bit AES-CCM.
That key is not the key used in CCMP; it is the key used during 4-way
handshake to derive keys (including the 128-bit TK that is used with
CCMP).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list