I should have asked, but assuming that you are talking about WEP ...

It depends on the vendor. The standards don't define the concept of
passphrase, only the use of a list of four keys - actually "private keys",
or subkeys - and the use of IV and index. The method by which these keys are
generated and configured is an implementation detail.

I've seen some people in this group use the word "passphrase" in a way that
suggests that what they refer to is the actual key, in ASCII character
string form, of 5 characters (64-bit key, sometimes called 40-bit), 13
characters (128-bit key), or 15 characters (152-bit key). Each of these
corresponds to a 10, 26, or 30 digit hex string. These are alternate forms
of the same key, and many vendors let you configure a key in either form.
I'm convinced that some people believe they are entering a passphrase when
in fact they are entering the key itself.

WPA pre-shared key does generate a sequence of completely different keys
based on a passphrase, and does not depend on transmission of a part of the
key in the clear, as does WEP. If the initial passphrase is long enough, and
random enough, WPA pre-shared key is considerably more secure than WEP.
"Ron Bandes" <RunderscoreBandes @yah00.com> wrote in message
news:6xTXb.11008$(E-Mail Removed). net...
> I believe that when you generate keys via a passphrase, that four separate
> keys are generated. This is not covered in the spec. Perhaps one of the
> devices only generated 4 copies of the same key. I'll have to do some
> experimentation.
>
> Thanks,
> Ron Bandes
>
> "gary" <(E-Mail Removed)> wrote in message
> news:v6PXb.22121$(E-Mail Removed). com...
> > You read the spec correctly. The AP and the client transmit with independent
> > keys. What usually confuses people is the fact that the AP has to have both
> > its key *and* the client's key in its list, and ditto for the client,
> > because the other station's key is required for decryption.
> >
> > In fact, the AP and the client each maintain a list of up to 4 keys. The one
> > used for transmit is generally selected by a config menu, although some
> > vendors have proprietary schemes for automatically cycling through the list.
> > The actual key is a concatenation of the segment from the list with a
> > randomly chosen number called the Initialization Vector (IV). The IV is
> > included in the frame that carries the encrypted payload, and is used by the
> > receiver to construct the decryption key. The IV contains a 2-bit field that
> > designates the index of the private key (0 - 3). Therefore, sender and
> > receiver should have identical keylists, in identical order, or the index
> > won't work correctly. But - each can transmit using any key from the list.
> >
> > The confusion comes from the fact that if you create different single-key
> > lists on each station, it will never work. You need to have at least two
> > keys in the list - and both stations need to have the same list - in order
> > to use different keys.
> >
> > "Ron Bandes" <RunderscoreBandes @yah00.com> wrote in message
> > news:KFOXb.9787$(E-Mail Removed) et...
> > > Having read the IEEE 802.11 spec, it looks like it's not necessary for the
> > > access point and the wireless station to use the same key id. This is
> > > because every frame identifies which key ID was used to encrypt the frame.
> > > So seemingly, the access point could encrypt using one key, while a station
> > > encrypts using another key. In practice however, I can't get real equipment
> > > to communicate unless I set them both to the same key ID.
> > >
> > > Am I reading the spec wrong, or have the manufacturers simply not taken
> > > advantage of this feature of the spec?
> > >
> > > Ron Bandes
> > >
> > >
> >
> >
>
>
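The key-list and key-index behaviour discussed in this thread, as an added Python sketch that is not from any of the posters: it builds WEP frames with the IV and 2-bit key index in the clear, shows two stations transmitting on different indexes from one shared list, and shows the failure with mismatched single-key lists. The function names and sample keys are constructed for illustration, and only the 5/13-character (10/26 hex digit) key sizes are handled.

```python
import os, struct, zlib

def rc4(key, data):
    """Plain RC4: key schedule, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def parse_key(text):
    """The same key in either form: 5/13 ASCII characters or 10/26 hex digits."""
    if len(text) in (10, 26):
        return bytes.fromhex(text)
    if len(text) in (5, 13):
        return text.encode("ascii")
    raise ValueError("expected a 64-bit or 128-bit WEP key")

def wep_encrypt(keylist, key_id, plaintext, iv=None):
    """Encrypt with keylist[key_id]; the IV and 2-bit key index are sent in the clear."""
    iv = iv or os.urandom(3)
    icv = struct.pack("<I", zlib.crc32(plaintext))
    body = rc4(iv + keylist[key_id], plaintext + icv)  # per-frame key = IV || key
    return iv + bytes([key_id << 6]) + body

def wep_decrypt(keylist, frame):
    """Pick the key by the index in the frame; return None if the ICV does not match."""
    iv, key_id = frame[:3], frame[3] >> 6
    if keylist[key_id] is None:
        return None
    clear = rc4(iv + keylist[key_id], frame[4:])
    data, icv = clear[:-4], clear[-4:]
    return data if struct.pack("<I", zlib.crc32(data)) == icv else None

# Constructed sample keys: index 0 given as hex, index 1 as ASCII, 2 and 3 unset.
SHARED = [parse_key("4142434445"), parse_key("FGHIJ"), None, None]

if __name__ == "__main__":
    from_ap = wep_encrypt(SHARED, 0, b"hello from AP")       # AP transmits on key 0
    from_sta = wep_encrypt(SHARED, 1, b"hello from client")  # client transmits on key 1
    print(wep_decrypt(SHARED, from_ap), wep_decrypt(SHARED, from_sta))
    ap_only, sta_only = [SHARED[0], None, None, None], [SHARED[1], None, None, None]
    print(wep_decrypt(sta_only, wep_encrypt(ap_only, 0, b"hello")))  # mismatched lists
```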