Security Basics mailing list archives

Re: wpa2-psk aes


From: marco gregorio <gregomarco () gmail com>
Date: Tue, 22 Feb 2011 18:35:01 +0100

hi,
thanks for your reply.

one more question just to clarify.

although the PSK is known, the re-key mechanism should grant a private
and secure connection between client and AP as Vito confirms.
moreover, by setting that interval to a reasonably low value, the
chances of decrypting a whole client's session should become scarce even if
the PSK is known.

would it be possible to elaborate a little bit more on that?

I actually would like to dig further into your issue, do you want to
make each peer secure from each other, or you want the participants to
be securely isolated from external intrusion?

Using a PSK saves you from using a PKI infrastructure in order to have a
safe key exchange.
The point is: authentication.
Diffie-Hellman exchanges keys but it's peer authentication-less: discarded.
The way is key exchange through RSA (SSL does it).
The use of a PSK assumes that whoever knows the PSK is trusted, as soon as
the AES takes place, the key is recalculated over again, so just take
the PSK as a secure way of beginning the session.

HTH

-- 
Marco Gregorio
key fingerprint:
0189 83E0 8CE2 84F9 ACC1 CC96 FCBF 3D5E 6F48 07D0
Email:
echo "lwjltrfwhtElrfnq3htr" | perl -pe 's/(.)/chr(ord($1)-5)/ge'
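To make concrete what "the PSK" is in the discussion above, here is an added example (my own code, not from Marco's post or from anyone on the list). In WPA2-PSK the passphrase and the public SSID are stretched with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output) into the Pairwise Master Key, which is the only secret input to every later per-session key derivation; so the entropy of the passphrase, not the re-key interval, bounds what anyone who learns it can do. The function names are mine; the 64-hex-digit "raw PSK" form mirrors what wpa_supplicant-style configurations accept as an alternative to a passphrase, and the "password"/"IEEE" pair is the published test vector from IEEE 802.11i Annex H.

```python
import hashlib
import secrets

# IEEE 802.11i (WPA2-PSK) passphrase-to-PMK mapping:
#   PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32  # bytes


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key from a WPA2 passphrase and SSID.

    The AP and every station that knows the passphrase compute this same
    value; it never changes across sessions or re-keys, because nothing
    per-session goes into it (the SSID is broadcast in the clear).
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PMK_LEN,
    )


def load_psk(psk_setting: str, ssid: str) -> bytes:
    """Resolve a configured PSK the way supplicant configs allow it to be given:
    either 64 hex digits (the raw 256-bit PMK, no PBKDF2 involved) or a
    passphrase that is stretched with derive_pmk().

    A valid passphrase is at most 63 characters, so a 64-character value can
    only be the hex form; anything else falls through to passphrase handling.
    """
    if len(psk_setting) == 64:
        try:
            return bytes.fromhex(psk_setting)
        except ValueError:
            pass  # not hex: treat it as a passphrase (which will be rejected as too long)
    return derive_pmk(psk_setting, ssid)


def generate_raw_psk() -> str:
    """Generate a full-entropy 256-bit PSK in 64-hex-digit form.

    Because the SSID is public, a passphrase-derived PMK has no more entropy
    than the passphrase itself; a random raw PSK removes that ceiling for
    networks that must stay on PSK rather than moving to 802.1X/EAP.
    """
    return secrets.token_bytes(PMK_LEN).hex()


if __name__ == "__main__":
    # Published 802.11i Annex H vector: passphrase "password", SSID "IEEE"
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    # Constructed demonstration values (hypothetical network, not from the post)
    raw = generate_raw_psk()
    print("raw PSK for a hypothetical 'lab-net' =", raw)
    print("round-trips through load_psk:", load_psk(raw, "lab-net") == bytes.fromhex(raw))
```

The derived PMK is cached by both sides and reused for every subsequent session key, so rotating session keys more often does not change the PMK; rotating the passphrase itself, or moving to per-user credentials via 802.1X, is what changes the root secret.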
