(The topic has drifted to the management of keys in a wireless network. Adam responds to Steve's notes about WEP...)
Adam Fields <[EMAIL PROTECTED]> writes: > Practically, what's the right way to do this? You could do it with a > centralized server key that has the ability to broadcast a new shared > key to all clients, but then if the server gets compromised you lose > control of the entire network (possibly true anyway, for different > reasons). > > From my personal (limited) experience, key management is really > hard. I'm curious about potential solutions to this. Key management is hard, but there is good versus not so good versus horrible. Unchanging fixed WEP keys for everything on a network are bad. If, on the other hand, you use public key techniques or Needham-Schroder KDC based techniques, you can do much better. For example, the average wireless base station only has dozens to at most hundreds of clients. (In practice, they average far fewer, but never mind.) Also, 802.11 enforces that all communication goes through the wireless base station -- there are no mobile-mobile communications in the usual setup. It is thus perfectly reasonable to use different on-air conventional keys with each client, authenticated with a variety of techniques (shared key between base and client, public keys on both sides, Needham-Schroder, etc.), and negotiated by any one of a number of similar variety of techniques (Diffie-Hellman, randomly generated nonce keys replaced at intervals encrypted in a known key, etc.) More to the point, almost all 802.11 traffic carries IP. Therefore, using IPSec to protect traffic between the wireless node and the base station or a router, or even end to end, would not be unreasonable. In that case, key negotiation probably proceeds using IKE or perhaps a successor protocol. In any case, although none of these techniques are perfect, they all eliminate the problem of "one key to rule them all", with theft of one mobile handing over the entire net, both from a privacy and an authentication viewpoint. Of course, since WEP is crap anyway, you can break keys even if you don't steal a mobile, but even in principle the mechanism was not particularly good. It isn't any easier to configure than good methods, either. Sure, you need to pre-configure some authentication information to use any of the good methods, but you also need to pre-configure your super-secret WEP key if you use WEP so there is no improvement in ease of configuration by using WEP. -- Perry E. Metzger [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]