

aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

What about wpa group re key interval

I wondered about the "wpa group re key interval". It defaults to 3600 (minutes); what if I changed it to zero? Or would that degrade the security by not ever changing the key and not be any better than WEP?

Thanks.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.



Thane_Bitter
Inquire within
Premium
join:2005-01-20
Reviews:
·Bell Sympatico

1 recommendation

I think you mean 3600 seconds; if not your WAP point has some wacky firmware.

Which encryption system are you using, TKIP or AES (CCMP)?

In the former case, TKIP is vulnerable to a specific attack which allows a hacker to read (and possibly inject) broadcast-type traffic; in this case, if you reduce the renewal period, the hacker has less of a window to hack and gain access to that traffic because the key will change. Reducing the key interval forces more key changes (which taxes the hardware more), but reduces the window a hacker has to that traffic. A setting of zero would imply that the key changes at intervals of less than a minute, which is probably excessive; in reality it's up to the programmer who wrote the firmware as to what a number that low actually does. In areas where one is stuck using TKIP, reducing the interval is desirable; however, there is a trade-off and you might end up with performance issues or connectivity problems if you set it too low. As such, I would not go with anything under 10 minutes, perhaps as low as 5 minutes if your average traffic at this WAP is light. At this rate, if a hacker was trying to hack his/her way in, the shorter interval in combination with a good password (passkey) makes the success of an attack impractical and unfortunately costs you performance. So yes, lowering it is perhaps a good idea, but if you want better security you should upgrade to AES (CCMP).

If you are using AES with a reasonably sized key (not short, not simple words, etc.), then aside from taxing hardware slightly more there is little gain, as AES has not been shown to be breakable (except by brute force). In short, there is no gain and only a loss to performance in this case.
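
Added example (not part of the thread and not any poster's code): a small Python check that applies the thresholds from the post above to a hostapd-style configuration. The key names `wpa_pairwise`, `rsn_pairwise` and `wpa_group_rekey` are hostapd's; the use of hostapd, the sample config and the function names are assumptions, and other firmware may treat a value of 0 differently, as the post notes.

```python
# Added example: audit hostapd-style WPA settings against the post's advice.
# Assumptions: hostapd key names; 0 means "group rekey disabled" (hostapd behaviour);
# any TKIP in either pairwise list is treated as TKIP in use (simplification).
SAMPLE_CONF = """\
# constructed sample, not taken from a real access point
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
wpa_group_rekey=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing to flag."""
    conf = parse_conf(text)
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(conf.get(key, "").upper().split())
    tkip = "TKIP" in ciphers
    findings = []
    if tkip:
        findings.append("TKIP enabled: move to CCMP (AES) only")
    raw = conf.get("wpa_group_rekey")
    if raw is None:
        findings.append("wpa_group_rekey not set: firmware default applies")
        return findings
    interval = int(raw)  # seconds
    if interval == 0:
        findings.append("group rekey disabled: the group key never rotates")
    elif interval < 300:
        findings.append(f"{interval}s rekey: under the 5-minute floor from the post")
    elif tkip and interval > 600:
        findings.append(f"TKIP with {interval}s rekey: post suggests 300-600s")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```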



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
reply to aefstoggaflm

Why would you want to do this? What is gained?

BTW I agree with Thane_Bitter. Use AES and not TKIP or Auto (select).



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

said by StuartMW:

Why would you want to do this? What is gained?

Go ask this user what he/she is thinking.

»Re: 327w internet connection
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.