Query about WEP and dynamic keys

Oleg Izhvanov OIzhvanov at rfmd.com
Wed Aug 13 06:43:22 EDT 2003


Greets,

This is quite common problem -- you should think about 802.1X and RADIUS
as the temporary solution and WPA as the final. The idea is that you
have certificate-based authentication system, and WEP keys are generated
on a per-session basis and ditributed via special EAPOL-Key messages, so
it is not a problem if the key for particular session becomes compromised.

You may read about 802.1X and RADIUS on:

    http://www.open1x.org/links

Madhusudan Singh wrote:
> Hi
>     Thanks to all the help, I managed to set up my access point and get 
> my DHCP server to issue leases, etc.
> 
>     I am using wep with a fixed key in the restricted mode, and was 
> thinking if a better mechanism could be devised, say, something similar 
> to the Kerberos ticket mechanism / ssh. I somehow do not like the idea 
> of storing the key (even if the server be behind a hardened firewall) in 
> short plain text form, which could compromise the security if the fixed 
> key became accidently known.
> 
>     Also, if I have a large pool of users (say 6-8), this key would have 
> to be given to all of them, increasing the risk of disclosure. I have 
> MAC address matching in place, but I want to make it more secure in the 
> fashion of ssh as mentioned earlier, including an RSA passphrase 
> mechanism for each client that logs on.
> 
>     Forgive me if all this sounds rather vague. I am not exactly savvy 
> with WEP.
> 
> Thanks,
> 
> MS
> 
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

-- 
Best Regards, Oleg Izhvanov <oizhvanov at rfmd.com>



More information about the HostAP mailing list