PMKID caching is possble with out preauthentication??

Jouni Malinen jkmaline at
Sat Dec 3 11:51:37 EST 2005

On Sat, Dec 03, 2005 at 08:26:03AM -0500, Bryan Kadzban wrote:
> Anjaneyulu Jagarlamudi wrote:
> > Iam implementing only PSK,
> Then I'm not sure, but I don't believe there's any need for PMKID caching.

In most cases, that is indeed correct. PMKSA caching does not offer any
speed up for PSK handshake since they end up using the exact same 4-Way

> In PSK mode, I'm pretty sure that the (hex) pre-shared key *is* the PMK
> for all clients.  Assuming that's actually true, then there's no need to
> cache the PMK for each AP for use when roaming, because all the APs will
> have to use the same PSK, so they'll therefore have to use the same PMK.
> And the supplicant already knows this PMK, so it shouldn't have to cache
> it.

There is no requirement for every station using the same PSK, but yes,
PSK is indeed used as PMK. If more than one PSK were used, PMKID could,
at least in theory, be used to notify AP about which PSK was selected. I
haven't heard of anyone using this, though.

> (It's also possible that PMKID caching can cut down on the 4-way
> handshakes; I kinda doubt it though.  The supplicant would still have to
> prove it was actually there, not replaying packets, and would still have
> to prove that it knew the current PMK; this is what the 4-way handshake
> proves.)

PMKSA caching is only used to skip EAP authentication. 4-Way Handshake
does not change at all (well, apart from PMKID being added to two

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list