Just dreaming: different WEP keys per client

Jouni Malinen jkmaline
Wed Apr 28 19:46:50 PDT 2004


On Fri, Apr 23, 2004 at 10:42:51AM +0400, Konstantin Klubnichkin wrote:

> I was dreaming last evening about per client WEP encryption.
> As far as I understand (please correct me) there are 2 ways to
> encrypt/decrypt data - in firmware and in hostapd.

hostapd is a user space daemon and it is never involved in processing
data frames. Encryption can be done in the wlan card or in the Host AP
driver.

> I thought about it in a scope of public WiFi cafe. When client gets
> (buys) account information (login/password) and wants to encrypt
> his/her traffic we also give him WEP key. The problem is - once you
> know WEP key of one client - you know WEP key for whole network.
> It's allmost impossible to force client to use WPA-PSK because of
> complexity of the process. Moreover once "bad guy" gets passphrase he
> can decrypt all WiFi traffic in our network.

What kind of clients do you use? Why would WPA-PSK be any more complex
than IEEE 802.1X with dynamic WEP keys ro whatever proprietary WEP key
handshake you would use here? Setting up WPA-PSK in the client only
requires one to configure the passphrase for the SSID, i.e., it is about
as complex as setting up static WEP keys..

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list