author Jouni Malinen <jouni.malinen@atheros.com> 2008-11-06 17:57:21 (GMT)
committer Jouni Malinen <j@w1.fi> 2008-11-06 17:57:21 (GMT)
commit 581a8cde77670ba7de2cce57f4a723ba435df9b7 (patch)
tree d06cf58048193c7a10dc8e6de59fc414124fffcc /hostapd/hostapd.conf
parent 81eec387dd7c1f4521822e48023e950dfa7b5a52 (diff)
Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
Diffstat (limited to 'hostapd/hostapd.conf')
1 files changed, 4 insertions, 0 deletions
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 898a3a3..599d7f1 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -710,6 +710,10 @@ own_ip_addr=
# (in seconds).
+# Maximum lifetime for PTK in seconds. This can be used to enforce rekeying of
+# PTK to mitigate some attacks against TKIP deficiencies.
# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
# authentication and key handshake before actually associating with a new AP.
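Review bot: The comment added just before the pre-authentication block describes a maximum PTK lifetime but, in the lines shown here, never names the option or gives an example setting, and it does not say what the default is or which value leaves rekeying disabled. Consider following it with a commented example such as #wpa_ptk_rekey=600 (the value used in the commit message) and a blank line to separate it from the pre-authentication comment. It would also help to note in the config comment, as the commit message does, that the 10-minute bound on TKIP key use depends on wpa_group_rekey being set to 600 as well.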