Encryption without authentication?

Philip M. White pmw at qnan.org
Mon Feb 20 18:23:40 EST 2006


On Mon, Feb 20, 2006 at 09:02:03AM -0800, Jouni Malinen wrote:
> On Mon, Feb 20, 2006 at 10:53:33AM -0600, Philip M. White wrote:
> > > On Sun, 2006-02-19 at 00:28 -0600, Philip M. White wrote:
> > > > Is there a way to retain the benefits of CCMP/TKIP without having to
> > > > configure each client with credentials?
> 
> > I chose PEAP because it allows me to specify a trivial password such as
> > the house number instead of long arbitrary strings such as WEP or PSK
> > keys.
> > 
> > My goal is for any user to be able to log on to the network without
> > knowing any special piece of data.
> 
> In that case, I don't really understand what you are referring to with
> "benefits of CCMP/TKIP".. If you want to provide anyone access to the
> network and do not want to have any pre-shared secret (or public crypto
> for that matter), what would you like to get from CCMP/TKIP that
> unencrypted open network does not provide?

I want to prevent people from seeing each other's traffic.  With
EAP/PEAP if two people know the same username and password, the AP still
assigns them different unicast keys so that they cannot snoop on the
network.  With an open network, this is not the case.

Individual encryption is I am trying to obtain; I just don't want the AP
to provide this only to "authorized" users.

-- 
Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060220/77c5658b/attachment.pgp 


More information about the HostAP mailing list