Re: [Madwifi-users] About dynamic wep keys
Status: Beta
Brought to you by:
otaku
From: Terry S. <gal...@ma...> - 2004-02-20 19:10:17
|
Alejandro, I think there is some confusion here about various aspects of 802.1x=20 and how the supplicant interacts with the driver. "dynamic wep keys" are simply WEP keys. They are only dynamic in that=20= they can be updated at a specific time interval and the supplicant=20 knows how to instruct the driver (through IOCTLs) how to set those WEP=20= keys and use them. MADWifi has no concept of "broadcast" versus "unicast" keys... They're=20= all WEP keys. (The difference is that the supplicant tells the driver=20= which of its keys to use for transmission...). I'm not 100% sure about=20= how the guts of this all works, but you basically have it right, as I=20 understand it, that the WEP keys are decrypted with a session key. The=20= supplicant handles this, and then passes the "real" WEP key down to the=20= card. (In this sense we have two types of keys... EAPoL keys and WEP=20 keys.). "fast rekeying" is a term that is sometimes used for saying "the=20 ability to set new WEP keys, but not have the wireless card reset". =20 So... depending on where you picked up the term, it may mean different=20= things. I don't know if this is a proper term... I know some driver=20 maintainers don't like it. As far as the driver is concerned, it needs to handle WEP, and we need=20= to tell it which key slot to use for transmission. That information is=20= gleaned from the supplicant by the key messages sent from the AP. If=20 the AP sends us a new broadcast key, we set the key on the card=20 according to the information that the AP sent us. Basically what it boils down to is that if the AP is sending new keys,=20= we need to assume that it wants us to use those keys. Not setting them=20= could cause problems. As far as the D-Link is concerned, the 900AP+ also acts this way. If I=20= remember correctly, the AP is sending broadcast keys every few seconds,=20= but that may be different for your AP. xsupplicant will try to set any keys that the AP sends it, so the issue=20= isn't going to be a problem with the driver. The MADWifi driver used to reset when keys were issued, and there was=20 another problem that prevented authentication from occuring. I haven't=20= been successful in actually passing traffic on an 802.1x authenticated=20= link with MADWifi yet, and sometimes I can't authenticate. (Though I=20 haven't used any of the latest code and I haven't tested some=20 suggestions that have been passed to me via E-mail) Hopefully the above helps explain things a little... - Terry On Feb 18, 2004, at 3:54 AM, Alejandro Mart=EDnez Marcos wrote: > Hello, > =A0 > =A0=A0=A0 I have some questions about dynamic wep keys: > =A0 > =A0=A0=A0 -As far as I know,=A0there are broadcast keys and unicast = keys. What=20 > is the difference between them? Does Madwifi support them both? > =A0 > =A0=A0=A0 -I understand 802.1x=A0fairly well until authentication = succeeds.=20 > After, I don't know very well how things happen. I think that the AP=20= > sends wep keys proctected with a session key, and the client tries to=20= > follows the AP changing its wep keys. Is it exactly this way? > =A0 > =A0=A0=A0 -Is Madwifi able to follow fast rekeying? Because=A0It seems = that my=20 > D-Link1000+ AP is sending continuously keys to=A0xsupplicant, although = I=20 > I have set key renew=A0interval=A0to 1=A0day.=A0=A0 > =A0 > =A0=A0=A0 I would also be very grateful if someone could give me a = good link=20 > to learn about dynamic wep keys! > =A0 > Thanks everyone!=A0=A0=A0 > =A0 > Alejandro Mart=EDnez Marcos > SGI - Soluciones Globales Internet > Delegaci=F3n Regional Sur > EMail: aa...@sg... > Tlfno: 954088060 |