• Great information.

    What interested me is that this article states that the GTK is encrypted with the KEK, not the PTK, when sent from Authenticator to Supplicant in message 3 of the 4-Way Handshake. This is in conflict with what is written elsewhere. Can anyone here verify which one is correct?

  • Yea, that kinda threw me also. Unfortunately, I haven't found a definitive answer. Any one care to comment?

  • I checked and in the 802.11i standard it states that the KEK is doing the encrypting.

  • Yes, the KEK is doing the encrypting....but dig a little deeper and you'll find that the KEK and KCK are both "part of" the PTK. :-) So, if you're being "general", then saying that it's encrypted with the PTK is correct. If you're wanting to be more specific, the KEK is the correct answer.

    802.11i, section and figure 43s

    I think the article you referenced is graphically wrong. ;-)


  • Gotcha. Thanks for the explanation.

  • thx for the explanation dev

Page 1 of 1
  • 1