Dynamic WEP (WEP with 802.1X) avoids this by refreshing keys before the IV space is exhausted. Appropriate refresh intervals should be determined by looking at actual frame counts in your WLAN.
Encryption keys are never re-used by TKIP. TKIP combines a temporal key, the transmitter's address and the TKIP Sequence Counter (TSC) to generate per-packet keys. If the TSC is exhausted, the standard requires communication to be discontinued or the temporal key to be regenerated. The TSC is 48 bits long, which allows 281,474,976,710,656 values. That's a very large number of frames. How long will it take for your WLAN to generate this many frames? At 802.11b data rates, you're talking many years.
The 802.11i standard specifies a maximum lifetime for temporal keys, defined as the minimum of any configured Pairwise Master Key Lifetime and any session timeout carried by RADIUS accept messages returned via 802.1X. That lifetime can cause the temporal key to be refreshed at regular intervals. But you don't need to set that lifetime based on TKIP key reuse. Think in terms of how long a user should really be authorized before requiring reauthentication.
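The sizing arithmetic described above, as an added example (not part of the original answer): it derives a dynamic WEP rekey interval from observed frame counts, compares it with TSC exhaustion, and applies the 802.11i minimum-lifetime rule. The 24-bit WEP IV length is standard 802.11 background rather than a figure from this page; the function names, the `margin` parameter and the sample counts are constructed for illustration.

```python
import math

WEP_IV_BITS = 24    # WEP IV length (802.11 background, not stated on this page)
TKIP_TSC_BITS = 48  # TSC length given in the text

def frames_until_reuse(counter_bits, random_iv=False, p_collision=0.5):
    """Frames sent under one key before a counter value repeats.

    A sequential counter repeats only at wrap-around. Randomly chosen values
    reach collision probability p after about sqrt(2*N*ln(1/(1-p))) frames.
    """
    space = 2 ** counter_bits
    if not random_iv:
        return space
    return int(math.sqrt(2 * space * math.log(1 / (1 - p_collision))))

def peak_frames_per_second(samples):
    """samples: (seconds, frames) pairs read from AP or station counters."""
    rates = [frames / seconds for seconds, frames in samples if seconds > 0]
    if not rates:
        raise ValueError("no usable samples")
    return max(rates)

def refresh_interval_seconds(counter_bits, samples, margin=0.5, **kw):
    """Rekey interval that uses at most `margin` of the reuse budget at peak load."""
    budget = frames_until_reuse(counter_bits, **kw) * margin
    return budget / peak_frames_per_second(samples)

def temporal_key_lifetime(pmk_lifetime=None, session_timeout=None):
    """802.11i rule from the text: the minimum of whichever limits are set."""
    limits = [v for v in (pmk_lifetime, session_timeout) if v is not None]
    return min(limits) if limits else None

# Constructed sample: frames sent under one key, counted over 5-minute windows
SAMPLES = [(300, 45_000), (300, 150_000), (300, 90_000)]

if __name__ == "__main__":
    wep = refresh_interval_seconds(WEP_IV_BITS, SAMPLES)
    tkip = refresh_interval_seconds(TKIP_TSC_BITS, SAMPLES, margin=1.0)
    print(f"dynamic WEP: rekey every {wep / 3600:.1f} h at peak load")
    print(f"TKIP: TSC exhausted after {tkip / 31_557_600:.0f} years at peak load")
    print("temporal key lifetime:", temporal_key_lifetime(43_200, 28_800), "s")
```

Passing `random_iv=True` shows how much smaller the WEP budget becomes when an implementation picks IVs at random instead of counting sequentially.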