In case of WPA2 using the RADIUS server, every client gets its own username and password. But what is the case in WPA2 using a PSK without the authenticating server? In this case we also have a 4-way handshake. But is the PTK derived by all clients different or the same?
2 Answers
The PTK is derived by all clients by using the following attributes: PMK (Pairwise Master Key), AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. That means that a different PTK will be derived for each 4-way handshake, although the PSK is the same.
- Thank you for the reply. So in that case, what is the added advantage of WPA2 with the RADIUS server? Is it just for the authentication of the client? – Ankur Bhatia Jul 17 '15 at 08:20
- With RADIUS, you eliminate the use of shared passwords. – pineappleman Jul 17 '15 at 08:41
- One last confusion I have is that at the end of the RADIUS EAP-TLS authentication, a master key is shared with the client/access point. But what is the use of this key in the 4-way handshake? Is the PTK generated using this master key? – Ankur Bhatia Jul 17 '15 at 09:24
> But is the PTK derived by all clients different or the same?
Short answer: YES.
With WPA-PSK, you configure each WLAN node (access points, wireless routers, client adapters, bridges) not with an encryption key, but rather with a plain-English passphrase that contains up to 133 characters. Using a technology called TKIP (Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client.
- Thank you for the reply. So in that case, what is the added advantage of WPA2 with the RADIUS server? Is it just for the authentication of the client? – Ankur Bhatia Jul 17 '15 at 08:32
- @AnkurBhatia Yes, RADIUS is just an **authentication** protocol suitable for you in case you have to manage a lot of clients, unlike when you use WPA2 with PSK – Jul 17 '15 at 08:38
- Thank you begueradj. One last confusion I have is that at the end of the RADIUS EAP-TLS authentication, a master key is shared with the client/access point. But what is the use of this key in the 4-way handshake? Is the PTK generated using this master key? – Ankur Bhatia Jul 17 '15 at 09:24
- @AnkurBhatia Please ask that [here](http://security.stackexchange.com/questions/ask) because it is a different question from your main one and it is hard to explain it through a comment. – Jul 17 '15 at 09:42