Posted: Sat Jan 19, 2008 21:30 Post subject: Key renewal interval?
Maybe it's not a place to ask, cause it's not directly related to DD-WRT, but I don't know where else to ask.
I've set up DD-WRT on WHR-G54S for my brother, and he says that sometimes the wireless connection on his laptop disconnects and after about half a minute reconnects again. Does it have anything to do with key renewal interval? Currently it's set to 3600. I guess this means that the key is regenerated every 3600 seconds, but does it mean that wireless clients need to reconnect every hour?? If it's not, then I have to look for a problem somewhere else.
P.S. And, is it safe to use this interval (3600) or I should lower it? I'm using WPA-PSK TKIP (63 symbols passphrase), cause I believe that TKIP uses less CPU power than AES for both: AP and clients (longer battery time). Maybe I'm wrong.
It's ok to use the default 3600 in renew interval. Yes, it's in seconds, and it means 1 hour. But it won't make it disconnect.
Maybe you should take a look if signal is strong enough. Many things can cause this, even microwave ovens, or wireless phones...
Posted: Tue Jan 13, 2009 9:38 Post subject: Re: Key renewal interval?
evaldas wrote:
P.S. And, is it safe to use this interval (3600) or I should lower it? I'm using WPA-PSK TKIP (63 symbols passphrase), cause I believe that TKIP uses less CPU power than AES for both: AP and clients (longer battery time). Maybe I'm wrong.
Key renewal happens automatically, and should not result in disconnection (however failure of client to accept key renewal will).
Regarding battery time with AES over TKIP, this must be a rumour. On AES capable NICs it is the same chip on the NIC, which will do the decipher regardless of TKIP or AES.
Well, would it be a good conclusion to say that so long as my signal strength is strong, then if I set 300 seconds, that would be good too?
If the client does not accept the key or for whatever reason it fails, will it retry again? I think it's mentioned it will retry 4 times? And what happens if it fails 4 times?
Changing the key renewal time won't change much other than adding extra load to the NIC/Driver and AP/Router, this may impact performance if the medium is heavily used.
It will add some extra security, but do remember the (AFAIK) only method able to crack WPA is brute-force attack.
So a strong encryption key will add more security than changing key renewal time.
Signal strength has nothing to do with the above.
In evaldas' case, his brother's problem could very well be interference.
Most wifi novices forget that the frequencies wifi uses are shared frequencies, in which cordless equipment like mice, keyboards, bluetooth, audio/video signal, x11 cameras, baby monitors, some cordless phones, other wifi networks, even microwave ovens and many more operate.
Even 802.11a (wifi in 5 GHz) is shared spectrum, however so far it is much unused and in some countries, 802.11a has more non-overlapping channels than 802.11b/g.
Evaldas' brother may just need a new driver for his wireless NIC, if none of the above plays in.
but do remember the (AFAIK) only method able to crack WPA is brute-force attack.
That is basically the case. However, there is indeed a new attack on TKIP which allows an attacker to inject small packets into the network without knowing the preshared key. Lowering the key interval (or I should say make the key renew more often) is one of the things recommended to thwart this attack.
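As an added example (not posted by anyone in this thread), the following script checks a saved `nvram show` dump for the combination discussed above: TKIP in use together with a long key renewal interval. The variable names `wlN_akm`, `wlN_crypto` and `wlN_wpa_gtk_rekey` are assumed from Broadcom-based DD-WRT builds, the 300 second limit is an assumed policy value taken from the figure mentioned in the thread, and the sample dump is constructed.

```python
import re

# Constructed sample dump: wl0 mirrors the thread (WPA-PSK, TKIP, 3600 s renewal).
SAMPLE_NVRAM = """\
wl0_ssid=home
wl0_akm=psk
wl0_crypto=tkip
wl0_wpa_gtk_rekey=3600
wl1_akm=psk2
wl1_crypto=aes
wl1_wpa_gtk_rekey=3600
"""


def parse_nvram(text):
    """Group wlN_* variables by interface: {'wl0': {'crypto': 'tkip', ...}}."""
    ifaces = {}
    for line in text.splitlines():
        m = re.match(r"^(wl\d+)_([A-Za-z0-9_]+)=(.*)$", line.strip())
        if m:
            ifaces.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
    return ifaces


def audit(text, max_tkip_rekey=300):
    """Return (interface, message) findings for interfaces that use TKIP."""
    findings = []
    for iface, cfg in sorted(parse_nvram(text).items()):
        if not cfg.get("akm"):  # assumption: empty akm means WPA is not enabled
            continue
        ciphers = cfg.get("crypto", "").lower().split("+")  # e.g. "tkip+aes"
        if "tkip" not in ciphers:
            continue
        findings.append((iface, "TKIP in use"))
        raw = cfg.get("wpa_gtk_rekey", "")
        if not raw.isdigit():
            findings.append((iface, "key renewal interval missing or not numeric"))
        elif int(raw) == 0:  # assumption: 0 turns periodic renewal off
            findings.append((iface, "key renewal disabled (interval 0)"))
        elif int(raw) > max_tkip_rekey:
            findings.append(
                (iface, f"key renewal {raw}s exceeds {max_tkip_rekey}s with TKIP"))
    return findings


if __name__ == "__main__":
    for iface, msg in audit(SAMPLE_NVRAM):
        print(f"{iface}: {msg}")
```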