Encryption without authentication?
bbender at vocollect.com
Mon Feb 20 18:55:34 EST 2006
On Feb 20, 2006, at 6:23 PM, Philip M. White wrote:
> I want to prevent people from seeing each other's traffic. With
> EAP/PEAP if two people know the same username and password, the AP
> assigns them different unicast keys so that they cannot snoop on the
> network. With an open network, this is not the case.
> Individual encryption is I am trying to obtain; I just don't want
> the AP
> to provide this only to "authorized" users.
It's not _completely_ secure, but you could use WPA-PSK and use that
same trivial house number as the passphrase, couldn't you? The
temporal keys that are used for unicast traffic are different for
each association, but knowing the passphrase and having captured the
session setup, someone could derive the temporal keys and then
decrypt that session. I haven't read of any real-time attacks of this
sort yet, but it's certainly possible offline... Must it be more
secure than that for this application?
Pittsburgh, PA, USA
[Apologies for the following "disclaimer" -- it's corporate policy.]
-CONFIDENTIAL, PRIVILEGED COMMUNICATION-
This e-mail transmission is private and intended for the addressee(s)
only. It may contain information that is privileged and/or
confidential. If you have received this transmission in error, you
are not authorized to read, copy, disclose or disseminate it in any
manner. If you have received it in error, please delete it and all
copies (including backup copies) that have been made, and transmit a
reply message informing the sender that it was misdirected.
More information about the HostAP