WEP encryption for WDS links

Pavel Roskin proski at gnu.org
Sun Mar 28 01:29:56 EST 2004


On Sun, 21 Mar 2004, Bod Grodon wrote:

> Would anybody of you guys please answer my question - According to
> hostap README, wds links are "insecure". For me as for not too much
> experienced with WDS this might mean that the prism hardware/driver is
> leaving WDS packets unecrypted. Is that true? So when I apply the WEP
> key on say wlan0wds0 by 'iwconfig wlan0wds0 key s:xxxx:' does it mean
> that the key is in fact not in use? And the traffic between the APs is
> not encrypted?

I believe WDS is just as less secure than other wireless links.  The
warning in the README file is given for the case when wired networks are
bridged by WDS.  It's just a reminder to recheck the assumptions about
security if the network is no longer wired only.

Maybe the warning should be rephrased since hostap supports stronger WPA
encryption now.

> I am asking the question because I was confused with the README text,
> wds section. The text's statement is "wds packets must be ecrypted in
> software". Oh-oh, I think, what a surprise! :) Or, is that only a
> precaution of not to use WEP with WDS (just becase wep keys may be
> decoded by capturing and analysing the traffic)

I couldn't find that quote in the CVS version.  Perhaps is was removed or
rephrased already.

Whether the encryption is done in software or firmware, it should be
transparent to the users.  In fact, any encryption other than WEP is
always done in software, and you shouldn't be using WEP if you really care
about security.

-- 
Regards,
Pavel Roskin



More information about the HostAP mailing list