Just dreaming: different WEP keys per client

Konstantin Klubnichkin kostik
Wed Apr 28 23:39:54 PDT 2004

Hello Jouni,

Thursday, April 29, 2004, 6:46:50 AM, you wrote:

JM> On Fri, Apr 23, 2004 at 10:42:51AM +0400, Konstantin Klubnichkin wrote:

>> I was dreaming last evening about per client WEP encryption.
>> As far as I understand (please correct me) there are 2 ways to
>> encrypt/decrypt data - in firmware and in hostapd.

JM> hostapd is a user space daemon and it is never involved in processing
JM> data frames. Encryption can be done in the wlan card or in the Host AP
JM> driver.

>> I thought about it in a scope of public WiFi cafe. When client gets
>> (buys) account information (login/password) and wants to encrypt
>> his/her traffic we also give him WEP key. The problem is - once you
>> know WEP key of one client - you know WEP key for whole network.
>> It's allmost impossible to force client to use WPA-PSK because of
>> complexity of the process. Moreover once "bad guy" gets passphrase he
>> can decrypt all WiFi traffic in our network.

JM> What kind of clients do you use? Why would WPA-PSK be any more complex
JM> than IEEE 802.1X with dynamic WEP keys ro whatever proprietary WEP key
JM> handshake you would use here? Setting up WPA-PSK in the client only
JM> requires one to configure the passphrase for the SSID, i.e., it is about
JM> as complex as setting up static WEP keys..
The problem here is that clients (people) can use any kind of device -
from palms to notebooks.
WPA-PSK is not implemented in all OS'es and devices. At least I was
unable to find Microsofts' WPA for my old book with Win98.
And regarding 802.11X I was unable to configure this on my old book

Best regards,
 Konstantin                            mailto:kostik at beenet.ru

More information about the Hostap mailing list