Just dreaming: different WEP keys per client

Jouni Malinen jkmaline
Wed Apr 28 19:46:50 PDT 2004

On Fri, Apr 23, 2004 at 10:42:51AM +0400, Konstantin Klubnichkin wrote:

> I was dreaming last evening about per client WEP encryption.
> As far as I understand (please correct me) there are 2 ways to
> encrypt/decrypt data - in firmware and in hostapd.

hostapd is a user space daemon and it is never involved in processing
data frames. Encryption can be done in the wlan card or in the Host AP

> I thought about it in a scope of public WiFi cafe. When client gets
> (buys) account information (login/password) and wants to encrypt
> his/her traffic we also give him WEP key. The problem is - once you
> know WEP key of one client - you know WEP key for whole network.
> It's allmost impossible to force client to use WPA-PSK because of
> complexity of the process. Moreover once "bad guy" gets passphrase he
> can decrypt all WiFi traffic in our network.

What kind of clients do you use? Why would WPA-PSK be any more complex
than IEEE 802.1X with dynamic WEP keys ro whatever proprietary WEP key
handshake you would use here? Setting up WPA-PSK in the client only
requires one to configure the passphrase for the SSID, i.e., it is about
as complex as setting up static WEP keys..

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list