Key renewal interval?

evaldas
DD-WRT Novice


Joined: 02 Nov 2006
Posts: 5

Posted: Sat Jan 19, 2008 21:30    Post subject: Key renewal interval?
Maybe this isn't the place to ask, because it's not directly related to DD-WRT, but I don't know where else to ask.

I've set up DD-WRT on a WHR-G54S for my brother, and he says that sometimes the wireless connection on his laptop disconnects and after about half a minute reconnects again. Does it have anything to do with the key renewal interval? Currently it's set to 3600. I guess this means that the key is regenerated every 3600 seconds, but does it mean that wireless clients need to reconnect every hour? If not, then I have to look for the problem somewhere else.

P.S. And is it safe to use this interval (3600), or should I lower it? I'm using WPA-PSK TKIP (63-symbol passphrase), because I believe that TKIP uses less CPU power than AES for both AP and clients (longer battery time). Maybe I'm wrong.
infusion
DD-WRT Guru


Joined: 30 Aug 2006
Posts: 506

Posted: Sun Jan 20, 2008 0:59    Post subject:
It's OK to use the default 3600 as the renewal interval. Yes, it's in seconds, and it means 1 hour. But it won't make it disconnect.
Maybe you should check whether the signal is strong enough. Many things can cause this, even microwave ovens or wireless phones...
bjoeg
DD-WRT User


Joined: 26 May 2008
Posts: 416

Posted: Tue Jan 13, 2009 9:38    Post subject: Re: Key renewal interval?
evaldas wrote:
P.S. And is it safe to use this interval (3600), or should I lower it? I'm using WPA-PSK TKIP (63-symbol passphrase), because I believe that TKIP uses less CPU power than AES for both AP and clients (longer battery time). Maybe I'm wrong.


Key renewal happens automatically and should not result in disconnection (however, failure of the client to accept the key renewal will).

Regarding battery time with AES over TKIP, this must be a rumour. On AES-capable NICs it is the same chip on the NIC that will do the deciphering, regardless of TKIP or AES.
keyrenewal
DD-WRT Novice


Joined: 13 Jan 2009
Posts: 2

Posted: Tue Jan 13, 2009 10:32    Post subject:
Well, would it be a good conclusion to say that so long as my signal strength is strong, then if I set 300 seconds, that would be good too?

If the client does not accept the key or for whatever reason it fails, will it retry again? I think it's mentioned it will retry 4 times? And what happens if it fails 4 times?
bjoeg
DD-WRT User


Joined: 26 May 2008
Posts: 416

Posted: Tue Jan 13, 2009 11:04    Post subject:
Changing the key renewal time won't change much other than adding extra load to the NIC/driver and AP/router; this may impact performance if the medium is heavily used.

It will add some extra security, but do remember the (AFAIK) only method able to crack WPA is bruteforce attack.

So a strong encryption key will add more security than changing the key renewal time.

Signal strength has nothing to do with the above.

In evaldas' case, his brother's problem could very well be interference.
Most wifi novices forget that the frequencies wifi uses are shared frequencies, on which cordless equipment like mice, keyboards, bluetooth, audio/video signal, x11 cameras, baby monitors, some cordless phones, other wifi networks, even microwave ovens and many more also operate.

Even 802.11a (wifi in 5 GHz) is shared spectrum; however, so far it is much unused, and in some countries 802.11a has more non-overlapping channels than 802.11b/g.

Evaldas' brother may just need a new driver for his wireless NIC, if none of the above plays in.
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

Posted: Tue Jan 13, 2009 17:51    Post subject:
bjoeg wrote:
but do remember the (AFAIK) only method able to crack WPA is bruteforce attack.


That is basically the case. However, there is indeed a new attack on TKIP which allows an attacker to inject small packets into the network without knowing the preshared key. Lowering the key interval (or I should say make the key renew more often) is one of the things recommended to thwart this attack.
All times are GMT