[c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..

Joerg Mayer jmayer at loplof.de
Mon Nov 30 15:29:40 EST 2009


On Mon, Nov 30, 2009 at 11:16:53AM -0800, Scott Granados wrote:
> Not to be confused with WPA2-psk which is like WPA psk but uses aes 
> instead of TKIP cryptography.

Let me clear up a few terms:

There are a few pairs:

The (wireless) protocol to negotiate the (per packet) authentication
  and encryption mechanisms and how to derive keys:
WPA (aka mostly 802.11i draft 3 with non-IEEE information elements)
WPA2 (aka mostly 802.11i)

How to derive the PMK (pairwise master key):
PSK (the PMK is directly derived from the preshared key or passphrase)
Enterprise (use 802.1X/Radius to derive the PMK)

Encryption and authentication:
TKIP (how to derive the per packet keys, use RC4 for encryption and
  Michael MIC for authentication)
AES (different per packet key mechanism, use AES in various forms
  for both encryption and authentication).

With WPA, TKIP is mandatory and AES is optional
With WPA2, AES is mandatory and TKIP is optional

Ciao
    Joerg
-- 
Joerg Mayer                                           <jmayer at loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
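
Added example, not part of the original post: the three pairs above are advertised independently in an access point's beacon, so a small parser can report each axis separately when auditing what a network actually offers. It assumes the standard suite-selector numbering (element 48 with OUI 00-0F-AC for WPA2, vendor element 221 with OUI 00-50-F2 type 1 for WPA) and that the group, pairwise and key-management fields are all present; the function names and sample bytes are constructed for illustration.

```python
import struct

# A suite selector is a 3-byte OUI plus a 1-byte type. WPA carries Microsoft's
# OUI in a vendor-specific element; WPA2 carries the IEEE OUI in the RSN element.
OUI_WPA, OUI_RSN = bytes.fromhex("0050f2"), bytes.fromhex("000fac")
CIPHERS = {2: "TKIP", 4: "AES-CCMP"}
AKMS = {1: "Enterprise (802.1X)", 2: "PSK"}

def _name(sel, oui, names):
    if len(sel) != 4:
        raise ValueError("truncated suite selector")
    return names.get(sel[3], f"type {sel[3]}") if sel[:3] == oui else "vendor " + sel.hex()

def _suite_list(buf, off, oui, names):
    """Read a little-endian count, then that many 4-byte suite selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    end = off + 2 + 4 * count
    if end > len(buf):
        raise ValueError("truncated suite list")
    return [_name(buf[i:i + 4], oui, names) for i in range(off + 2, end, 4)], end

def parse_security_ie(ie):
    """Report protocol, ciphers and key management advertised by one element."""
    if len(ie) < 2 or len(ie) != 2 + ie[1]:
        raise ValueError("length field does not match element size")
    eid, body = ie[0], ie[2:]
    if eid == 48:                                        # RSN element: WPA2
        proto, oui = "WPA2", OUI_RSN
    elif eid == 221 and body[:4] == OUI_WPA + b"\x01":   # vendor element: WPA
        proto, oui, body = "WPA", OUI_WPA, body[4:]
    else:
        raise ValueError("not a WPA or RSN element")
    if len(body) < 6 or body[:2] != b"\x01\x00":
        raise ValueError("missing or unsupported version")
    group = _name(body[2:6], oui, CIPHERS)
    pairwise, off = _suite_list(body, 6, oui, CIPHERS)
    akm, _ = _suite_list(body, off, oui, AKMS)
    return {"protocol": proto, "group": group, "pairwise": pairwise, "key_mgmt": akm}

# Constructed sample elements (not captured from a real network).
WPA_PSK_TKIP = bytes.fromhex("dd16" "0050f201" "0100" "0050f202"
                             "0100" "0050f202" "0100" "0050f202")
WPA2_ENT_MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04"
                               "000fac02" "0100" "000fac01" "0000")

if __name__ == "__main__":
    for ie in (WPA_PSK_TKIP, WPA2_ENT_MIXED):
        print(parse_security_ie(ie))
```

The second sample is a WPA2 network that still lists TKIP as an optional pairwise cipher and as the group cipher, the mixed configuration an audit would typically flag.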


