PMKID caching is possble with out preauthentication??
Jouni Malinen
jkmaline at cc.hut.fi
Sat Dec 3 11:51:37 EST 2005
On Sat, Dec 03, 2005 at 08:26:03AM -0500, Bryan Kadzban wrote:
> Anjaneyulu Jagarlamudi wrote:
> > Iam implementing only PSK,
>
> Then I'm not sure, but I don't believe there's any need for PMKID caching.
In most cases, that is indeed correct. PMKSA caching does not offer any
speed up for PSK handshake since they end up using the exact same 4-Way
Handshake.
> In PSK mode, I'm pretty sure that the (hex) pre-shared key *is* the PMK
> for all clients. Assuming that's actually true, then there's no need to
> cache the PMK for each AP for use when roaming, because all the APs will
> have to use the same PSK, so they'll therefore have to use the same PMK.
> And the supplicant already knows this PMK, so it shouldn't have to cache
> it.
There is no requirement for every station using the same PSK, but yes,
PSK is indeed used as PMK. If more than one PSK were used, PMKID could,
at least in theory, be used to notify AP about which PSK was selected. I
haven't heard of anyone using this, though.
> (It's also possible that PMKID caching can cut down on the 4-way
> handshakes; I kinda doubt it though. The supplicant would still have to
> prove it was actually there, not replaying packets, and would still have
> to prove that it knew the current PMK; this is what the 4-way handshake
> proves.)
PMKSA caching is only used to skip EAP authentication. 4-Way Handshake
does not change at all (well, apart from PMKID being added to two
frames).
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list