TKIP encryption and xsupplicant

[Jouni Malinen]

On Mon, Jan 24, 2005 at 10:32:21AM -0800, Dani Camps wrote:

> I want to set up a 802.1X authentication scheme for my
> wlan. I have an AP with WPA support, when I enable the
> support it allows me to choose between two different
> encryption methods TKIP and AES, I think TKIP is an
> extension of WEP by I don't know anything about AES,
> what is this AES ?

AES defines the encryption algorithm used with CCMP (IEEE 802.11i,
WPA2). Block cipher called Rijndael was selected as the new encryption
standard, AES, i.e., Advanced Encryption Standard, to replace dES.

> So far I was using xsupplicant in my fedora core 3,
> but when I started it there were some errors about the
> encryption, it was saying that it didn't detect any
> encryption, but I had the same key configured in the
> AP and in my wlan card. So is it possible that the
> problem comes form the fact that xsupplicant doesn't
> support TKIP, that is what I had in the AP and to do
> all the key management stuff I need wpa_supplicant ?

It's not about TKIP, but about the key management part of WPA. The
xsupplicant version in Fedora core 3 does not likely have WPA support.
The latest development version of xsupplicant seems to include some
support for WPA, so you should be able to choose between xsupplicant and
wpa_supplicant. Taken into account that this is the mailing list for
Host AP and wpa_supplicant, it should be easy to guess which one I would
recommend ;-).

> TKIP is basically like WEP but the keys are renewed
> periodically, isn't it ?

TKIP uses different RC4 key for each packet and in addition, includes
somewhat stronger data authentication with Michael MIC.

-- 
Jouni Malinen                                            PGP id EFC895FA