Some sites say that the PTK is used for encrypting the data between the client and the WAP while others say that the PMK is used instead. Which one is true?

From what I understand, this can have very different security implications. If PTK is used, then the key used for encryption will be different for each user even though the passphrase is the same (due to differences in the SNonce and ANonce). If PMK is used instead, then compromising one key will automatically lead to a compromise of all clients in the same network, since they all share the same PMK. Of course this only applies to WPA-PSK and not WPA-Enterprise, since every client submits its own credentials in the latter.

Lew Wei Hao

1 Answer

It is the PTK that is used for data transfer; it is derived from the PMK (PSK). If the PMK is compromised (you get to know the passphrase/password), all you can get is the broadcast packets, because you can connect ONLY to the AP, and not to the other clients, since you need the handshake to generate the PTK.

By definition from the IEEE 802.11i:

pairwise transient key (PTK): A concatenation of session keys derived from the pairwise master key (PMK) or from the PMK-R1. Its components include a key confirmation key (KCK), a key encryption key (KEK), and one or more temporal keys that are used to protect information exchanged over the link.

And the PMK:

pairwise master key (PMK): The key derived from a key generated by an Extensible Authentication Protocol (EAP) method or obtained directly from a preshared key (PSK).

Azteca
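The derivation the answer describes, shown as an added example (not code from the question or the answer): the PMK comes from the passphrase and SSID via PBKDF2, and the PTK is expanded from the PMK with the 802.11i PRF-512 over both MAC addresses and both nonces, so two clients sharing one PMK still end up with different temporal keys. The MAC addresses and nonces below are constructed sample values.

```python
import hashlib
import hmac


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces)).

    aa/spa are the AP and station MAC addresses (6 bytes), the nonces are 32 bytes.
    Returns the KCK, KEK and temporal key (TK) slices used for CCMP.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_512(pmk, b"Pairwise key expansion", data)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def client_temporal_keys(passphrase: str, ssid: str) -> tuple:
    """Two stations on the same PSK network: same PMK, different per-session TKs."""
    pmk = pmk_from_psk(passphrase, ssid)
    ap_mac = bytes.fromhex("020000000001")            # constructed sample AP address
    anonce = hashlib.sha256(b"ap-nonce-sample").digest()  # constructed sample ANonce
    sta1 = derive_ptk(pmk, ap_mac, bytes.fromhex("020000000002"),
                      anonce, hashlib.sha256(b"sta1-nonce").digest())
    sta2 = derive_ptk(pmk, ap_mac, bytes.fromhex("020000000003"),
                      anonce, hashlib.sha256(b"sta2-nonce").digest())
    return sta1["tk"], sta2["tk"]


if __name__ == "__main__":
    tk1, tk2 = client_temporal_keys("password", "IEEE")
    print("client 1 TK:", tk1.hex())
    print("client 2 TK:", tk2.hex())
    print("keys differ:", tk1 != tk2)
```

Knowing the PMK alone is therefore not enough to decrypt another station's unicast traffic; an attacker also needs that station's 4-way handshake (both nonces and MACs) to reconstruct its PTK.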