• Hi all,

    Is the IV in TKIP 48 bits or 64 bits long?
    On page 429, it's mentioned that "..., TKIP uses a six-byte IV instead of WEP's three-byte IV.".
    However, page 455 mentions TKIP initialization vectors of "(8 bytes instead of 4 bytes for WEP)".

    Please do help clear the confusion.
    Is this an error?


  • TKIP uses a 48 bit IV, so page 455 is incorrect. Good catch!

  • Thanks.

  • I believe that this change is in the most recent errata document, which I sent to Devin just a few days ago. I'm not sure if it's online yet.

  • I would like to amend what I stated in my original reply. Technically, the WEP IV is 4 bytes (32 bits)if you look at the standard. Now, one byte is used for a 6 bit pad and a 2 bit Key ID. So that is where you get the 24 bit IV that you see published. The problem that I have is that the extra 4 bytes (yes 4) that is added with TKIP doesn?¡é?€??t have this one byte with the padding and Key ID. So, technically (in my opinion) 32 bits are added when you use TKIP. (Would that make TKIP have a 56 bit IV?) The best place to look at this is in the 802.11i standard, section

    After emailing back and forth to Devin I have come to the realization (with his help) that a lot of the industry uses the terms 24 and 48 bits for WEP and TKIP respectively. If you see a document that refers to them as 32 and 64 bits, it is technically correct because the standard does state 4 bytes for WEP IV and an extra (extended) 4 bytes for TKIP IV. I know that it is tough to just accept that not all things are absolute, but I have learned that I have to or I?¡é?€??ll go crazy(er).

  • All:

    IEEE 802.11 (as amended by 802.11i) shows a WEP initialization Vector of 3 octets (24 bits) and shows a six octet (48 bits) TKIP Sequence Counter (TSC). In the later case 2 octets of the TSC is carried in the IV/KeyID field and 4 octets of the TSC is carried in the Extended IV field.

    This is made explicit in section "... the first 24 bits of the WEP seed shall be transmitted in plaintext as the WEP IV. As such, these 24 bits are used to convey lower 16 bits of the TSC from the sender (encryptor) to the receiver (decryptor). The rest of the TSC shall be conveyed in the Extended IV field."

    So the 4 octet space to carry the 3 octet WEP IV is doubled to 8 octets to carry the 6 octet TKIP IV. The surprise is that one of the three octets in the WEP IV field is used instead as the mysterious WEPSeed when TKIP is enabled.

    CWNAv3 study guide page 455 should be amended to say "(6 octets instead of 3 octets for WEP)".

    I hope this helps. Thanks. /criss

  • So, what I understood from your explanation is that, if we ever get a question asking for the lengths of the IVs used in WEP and TKIP, as far as the CWNA exam is concerned, the answer is 3 octets and 6 octets, respectively. You confirm that?

    Thanks everyone.

  • Hi BlueIce:

    I confirm only that those would be the correct answers. If I had access to the test base I would double check for you.

    I hope this helps. Thanks. /criss

  • I can confirm that the latest edition of the errata for the 3d Edition Study Guide match what Criss says: 3 octets for WEP and 6 octets for TKIP. I also don't have access to the test base to confirm that the test matches those numbers... Devin would be the guy to confirm that.

  • ...and I *CAN CONFIRM* that you should learn exactly what Criss says here. I have checked the current exam pools (as of today's date) for pw0-200, and you should know that the IV for WEP is 24 bits (3 octets) and for TKIP is 48 bits (6 octets). Hope this helps. ;-)


Page 1 of 2