wpa_supplicant WPA2-PSK authentification times

Jouni Malinen j at w1.fi
Mon Mar 8 07:37:53 EST 2010


On Mon, Mar 08, 2010 at 10:31:19AM +0100, Schulte Stefan wrote:

> As I understood it, proactive key caching doesn't matter as I don't have a RADIUS server anyways. So the 4way-handshake plus the 4way-group handshake has to happen every time the client connects to another AP, right?

As long as you are using WPA2, there is no separate group key handshake
during the initial connection (i.e., group key is exchanged during the
4-way handshake), but other than that, yes, there is no point in key
caching when EAP is not used.

> The 4way handshake stuff takes considerable time when roaming, so I take it that something with the configuration is wrong (either on supplicant or authenticator side), as I read comments that it shouldn't take longer than some 100 milliseconds.

4-way handshake should not really take more than a couple of milliseconds
with a good implementation (at both ends).

> Currently it takes about 8 seconds roughly. The log output with timestamps and my wpa_supplicant configuration file can be found in this mail's attachment.

No attachment found.

> 1268048247.043680: RSN: PMKID from Authenticator - hexdump(len=16): 76 d7 84 9e 81 ac 57 c0 29 cc c1 5a 7b fc a8 b2
> 1268048247.043744: RSN: no matching PMKID found
> 1268048247.063012: WPA: Renewed SNonce - hexdump(len=32): e8 72 3a bc c6 2d 5e a0 f8 f2 16 d1 af a0 b5 09 47 83 d0 b7 5e 28 8e 5c 81 37 6a 81 ed f0 71 ce
> 1268048247.063313: WPA: PTK derivation - A1=00:15:6d:54:c5:f2 A2=00:23:33:a4:b4:a2
> 
> Something about no pre-cached keys found in the driver? Should the driver have them, or is it normal behaviour?

Looks normal to me.

> 1268048247.063388: WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
> 1268048247.063489: WPA: Sending EAPOL-Key 2/4
> 1268048247.068555: RX EAPOL from 00:23:33:a4:b4:a2
> 1268048247.068597: IEEE 802.1X RX: version=2 type=3 length=151
> 
> The supplicant sends some sort of key to the AP and has to wait about 5 seconds until he gets a result?

This is a reply to a message from the AP/Authenticator. The AP should
continue with message 3 of the 4-way handshake.

-- 
Jouni Malinen                                            PGP id EFC895FA
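
To find which step of a roam is slow in a timestamped wpa_supplicant debug log like the one quoted in this thread, the gaps between consecutive lines can be computed directly. The following is an added example, not part of the original message or of wpa_supplicant; the function names and the 100 ms default threshold are assumptions for illustration, and the sample lines are a subset of the excerpts quoted above.

```python
import re

# Subset of the debug lines quoted in the message above, "> " quoting included.
SAMPLE_LOG = """\
> 1268048247.043744: RSN: no matching PMKID found
> 1268048247.063313: WPA: PTK derivation - A1=00:15:6d:54:c5:f2 A2=00:23:33:a4:b4:a2
> 1268048247.063489: WPA: Sending EAPOL-Key 2/4
> 1268048247.068555: RX EAPOL from 00:23:33:a4:b4:a2
> 1268048247.068597: IEEE 802.1X RX: version=2 type=3 length=151
"""

# Optional mail quote prefix, epoch seconds, microseconds, then the message text.
LINE_RE = re.compile(r"^(?:>\s*)*(\d+)\.(\d{6}): (.*)$")


def parse_events(text):
    """Return [(timestamp_in_microseconds, message)] for every timestamped line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip prose, blank lines and untimestamped lines
            events.append((int(m.group(1)) * 1_000_000 + int(m.group(2)), m.group(3)))
    return events


def gaps(events):
    """Return [(delta_us, earlier_message, later_message)] for consecutive events."""
    return [(b[0] - a[0], a[1], b[1]) for a, b in zip(events, events[1:])]


def slow_steps(events, threshold_ms=100):
    """Gaps longer than threshold_ms (assumed default), longest first."""
    limit = threshold_ms * 1000
    return sorted((g for g in gaps(events) if g[0] > limit), reverse=True)


def reply_delay_us(events, sent="Sending EAPOL-Key 2/4", received="RX EAPOL"):
    """Microseconds from sending message 2/4 to the next EAPOL frame received."""
    for i, (t_sent, msg) in enumerate(events):
        if sent in msg:
            for t_rx, later in events[i + 1:]:
                if later.startswith(received):
                    return t_rx - t_sent
    return None  # message 2/4 or the following frame is not in this excerpt


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    for delta, before, after in gaps(ev):
        print(f"{delta / 1000:10.3f} ms  {before!r} -> {after!r}")
    print("reply delay after 2/4 (us):", reply_delay_us(ev))
    print("gaps over 100 ms:", slow_steps(ev))
```

Run over a complete log of one roam, `slow_steps` lists the line pairs between which the time is actually spent.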

