I have a few question about group key in WPA family:
1. How many bits GTK have? How much characters this key have?
2. From which characters GTK can be generated? From 0-9, a-z etc.?
3. Is GTK the final key to encrypt packets (GTK encrypts packets directly?)?
4. If not, what key encrypts multicast traffic? Which formula describes this key derivation from GTK?
1. GTK has 128 bits for CCMP and 256 bits for TKIP
2. Multicast traffic is protected with another key: GTK (Group Transient key), generated from a master key called GMK (Group Master Key) which is a fixed string based on access point MAC address and a random number GNonce.
3 and 4. GTK is divided into temporary keys:
GEK (Group Encryption Key): Key used for data encryption (used by CCMP for auth and by TKIP for encryption).
GIK (Group Integrity Key): Key used for data auth (used only by Michael for TKIP).
Amazing pdf manual about this: Wi-Fi security – WEP, WPA and WPA2
