Ask the Expert

TKIP encryption

Lisa Phifer, Wireless Networking Expert

We're in the process of implementing PEAP (MS-ChapV2), authenticating to an existing NT Active Dir domain and all is working ok. Two questions...

1) I've got the key rotation set for every 5 minutes on the RADIUS server (Cisco Secure 3.2). Will TKIP get any additional security?

2) The period of time the PC is given to authenticate is too short. It's actually around 2 minutes which should be long enough but I'd like to lengthen it to an hour or so.

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

TKIP encryption is based on transient keys, changed often enough to prevent the key reuse that lead to WEP cracking. In TKIP, there are pairwise transient keys and group transient keys. Pairwise transient keys are different for every association. They get derived and installed at the end of 802.1X. They can be automatically updated as needed, using the pairwise master key, because changes affect only one association.

The same broadcast key must be used by all stations connected to an AP (or a VLAN on an AP). When using TKIP, the group transient key is delivered securely after the pairwise transient keys are derived and installed. Because the same group key is used by everyone, it is effectively static unless something forces it to change. Broadcast key rotation updates that group transient key for all stations currently associated to the AP.

I am not aware of a configurable timeout that would control how long a station is given to authenticate overall, but you can usually control how long the AP and RADIUS server wait before timing out on any individual RADIUS message. For example, see radius-server timeout in Cisco APs.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in October 2003

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Enterprise WAN
Unified Communications
Mobile Computing
Data Center
Networking Channel

Enterprise WAN
- Mobile optimization: What to do about mobile data slowing your WAN
  
  Mobile data continues to burden network bandwidth, making applications slow. This tip explains how mobile optimization can fix your slow WAN.
- WAN security vendor: To go network hardware provider or third-party?
  
  Network hardware providers and third-party vendors have very different WAN security offerings. How do you choose?
- WAN optimization, management and security: Putting the pieces together
  
  By searching for solutions that put WAN optimization, management and security together, enterprise IT can reduce company bottom lines and complexity.
Unified Communications
- What's the difference between bits and bytes specific to telephony?
  
  The differences between bits and bytes specific to telephony equipment is explained by UC strategies expert Matt Brunk in this expert response.
- Startup Pexip introduces software-based video conferencing bridge
  
  Pexip Infinity is a subscription-based, virtualized video conferencing bridge from the founders of Tandberg.
- The truth about mobile UC&C uptake
  
  As much as vendors tout their mobile UC&C clients, adoption is still very low. Find out why and what could make true solutions meaningful.
Mobile Computing
- Bringing BYOD to your enterprise
  
  Bring your own device (BYOD) can be a boon for both employees and enterprises, but clear policies and management tools are needed.
- Meeting technical requirements for mobile health care deployments
  
  IT departments deploying mobile health care solutions must ensure that using mobile devices in health care settings doesn't violate federal laws or compromise security.
- Making the call: Distributed antenna systems and in-building wireless
  
  Distributed antenna systems and in-building wireless solutions are two options to improve wireless cellular coverage within an enterprise facility.
Data Center
- Red Hat Open Hybrid Cloud aids private, public cloud management
  
  Hardware, virtualization, public and private cloud are all converging and need to be managed as one environment. Enter Red Hat's Open Hybrid Cloud.
- Mainframe modernization takes on urgency
  
  A Red Hat Summit talk on database and mainframe modernization highlights urgency, need for agility in enterprise development teams.
- AMD microprocessors regroup to fight another day
  
  Intel may win the server war, but AMD microprocessors could find more acceptance in another niche market.
Networking Channel
- Aruba Networks Partner Program Checklist
  
  Value-added resellers and service providers interested in reselling Aruba networking hardware and software can learn the benefits of becoming an Aruba Networks partner with this standardized checklist. Compare Aruba's reseller partner program with other vendors' offering similar products.
- NetScout Systems Partner Program Checklist
  
  Learn the benefits of becoming a NetScout Systems reseller partner with our Partner Program Checklist.
- Visage Mobile Partner Program Checklist
  
  Learn the benefits of becoming a Visage Mobile reseller partner with our Partner Program Checklist.

All Rights Reserved,Copyright 2000 - 2013, TechTarget