Query about WEP and dynamic keys
OIzhvanov at rfmd.com
Wed Aug 13 06:43:22 EDT 2003
This is quite common problem -- you should think about 802.1X and RADIUS
as the temporary solution and WPA as the final. The idea is that you
have certificate-based authentication system, and WEP keys are generated
on a per-session basis and ditributed via special EAPOL-Key messages, so
it is not a problem if the key for particular session becomes compromised.
You may read about 802.1X and RADIUS on:
Madhusudan Singh wrote:
> Thanks to all the help, I managed to set up my access point and get
> my DHCP server to issue leases, etc.
> I am using wep with a fixed key in the restricted mode, and was
> thinking if a better mechanism could be devised, say, something similar
> to the Kerberos ticket mechanism / ssh. I somehow do not like the idea
> of storing the key (even if the server be behind a hardened firewall) in
> short plain text form, which could compromise the security if the fixed
> key became accidently known.
> Also, if I have a large pool of users (say 6-8), this key would have
> to be given to all of them, increasing the risk of disclosure. I have
> MAC address matching in place, but I want to make it more secure in the
> fashion of ssh as mentioned earlier, including an RSA passphrase
> mechanism for each client that logs on.
> Forgive me if all this sounds rather vague. I am not exactly savvy
> with WEP.
> HostAP mailing list
> HostAP at shmoo.com
Best Regards, Oleg Izhvanov <oizhvanov at rfmd.com>
More information about the HostAP