Dynamic WEP (WEP with 802.1X) avoids this by refreshing keys before the IV space is exhausted. Appropriate refresh intervals should be determined by looking at actual frame counts in your WLAN.
Encryption keys are never re-used by TKIP. TKIP combines a temporal key, the transmitter's address and the TKIP Sequence Counter (TSC) to generate per-packet keys. If the TSC is exhausted, the standard requires communication to be discontinued or the temporal key to be regenerated. The TSC is 48 bits long, which allows 281,474,976,710,656 values. That's a very large number of frames. How long will it take for your WLAN to generate this many frames? At 802.11b data rates, you're talking many years.
The 802.11i standard specifies a maximum lifetime for temporal keys, defined as the minimum of any configured Pairwise Master Key Lifetime and any session timeout carried by RADIUS accept messages returned via 802.1X. That lifetime can cause the temporal key to be refreshed at regular intervals. But you don't need to set that lifetime based on TKIP key reuse. Think in terms of how long a user should really be authorized before requiring reauthentication.
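The sizing described above can be worked through from measured frame counts. The following is an added example, not part of the original answer: the counter samples are constructed, the function names are hypothetical, and the 32-bit counter wrap and the 50% safety margin are assumptions.

```python
# Added example: derive key-refresh figures from observed frame counts.
WEP_IV_SPACE = 2 ** 24     # WEP IV is 24 bits
TKIP_TSC_SPACE = 2 ** 48   # TSC is 48 bits (281,474,976,710,656)
COUNTER_WRAP = 2 ** 32     # assumption: AP exposes a 32-bit cumulative frame counter
SECONDS_PER_YEAR = 365 * 86400

# Constructed samples for one key: (seconds since start, cumulative frames sent).
# The counter wraps between the second and third sample.
SAMPLES = [(0, 4_294_900_000), (60, 4_294_960_000), (120, 112_704), (180, 142_704)]

def peak_frames_per_second(samples, wrap=COUNTER_WRAP):
    """Highest frame rate seen between consecutive samples, tolerating counter wrap."""
    peak = 0.0
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % wrap  # modular difference absorbs a single wrap
        peak = max(peak, delta / (t1 - t0))
    return peak

def seconds_to_exhaust(space, fps):
    """Time until a per-frame counter of the given size runs out at this rate."""
    return space / fps

def wep_rekey_interval(fps, safety=0.5):
    """Dynamic WEP refresh interval: rekey well before the IV space is used up."""
    return int(seconds_to_exhaust(WEP_IV_SPACE, fps) * safety)

def temporal_key_lifetime(pmk_lifetime=None, session_timeout=None):
    """802.11i rule from the text: minimum of the configured PMK lifetime and
    any RADIUS session timeout; None when neither is set."""
    limits = [v for v in (pmk_lifetime, session_timeout) if v is not None]
    return min(limits) if limits else None

if __name__ == "__main__":
    fps = peak_frames_per_second(SAMPLES)
    print(f"peak rate: {fps:.0f} frames/s")
    print(f"WEP rekey every {wep_rekey_interval(fps)} s")
    years = seconds_to_exhaust(TKIP_TSC_SPACE, fps) / SECONDS_PER_YEAR
    print(f"TSC exhausted after about {years:.0f} years")
    print(f"temporal key lifetime: {temporal_key_lifetime(43200, 28800)} s")
```

Using the peak rate rather than the average keeps the WEP interval conservative for busy periods, while the TSC figure shows why the temporal key lifetime is better driven by reauthentication policy.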