EAP - dynamic WEP key for each session

william.ong · ‎10-04-2001

Hi, understand that EAP generate dynamic WEP keys for individual client and sessions. Does that means that the same client firing an FTP session and Telnet session uses different WEP keys? Does the per session refers to source/destination IP as well as port numbers? Tks.

dladen · ‎10-09-2001

802.11b is a layer two solution (datalink). It does not know of anything higher in the stack( ip address, ports, applications).

A workstation uses the same wep for all network interaction.

I believe each workstation uses a different WEP.

alan.holt · ‎10-16-2001

The WEP key is generated per session, per user. A new dynamic WEP key is generated by combining the Initial vector and the password of the user. The password is the password used to authenticate against the Domain Controller via the ACS 2.6 server using Cisco Aironet Radius. The WEP key can be set to have a time out, forcing a renegotation to happen. Visit the following link to review:

http://www.cisco.com/warp/customer/cc/pd/witc/ao350ap/prodlit/1515_pp.htm

And the following to set the timeout for the ACS server:

http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/salep_an.htm

It is my understanding that it only takes two instances to determine a WEP key from the IV and the key. When two IVs are found a simple XOR is performed to determine the WEP key from the IV and the client key. The timeout of the WEP key is based on throughput. Once a threshold is met a key is renegotiated. There is a new IV per packet under this implmentation. I suspect that a pool of random numbers is being used (meaning you may have the same number more than once, nothing is truly random) This leads me to believe that a IV may be used for more than one user and therefore create a different dynamic WEP key and make it more difficult to crack.