From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-07-25 16:54:37 UTC
On Thu, Jul 25, 2002 at 01:02:41PM +0100, Richard Powell wrote:
> From what I can understand it seems possible to use any other encryption
> algorithm over the wireless network by using the appropriate module.
> This means that instead of using WEP (which has been proven to be
> useless) we could use SSL at a good 1024bit? If so, that would be
> excellent :-)
Yes, this is true. However, I would first consider using encryption at a slightly higher level, since a more generic solution might be better suited to many cases.
> Also, the host processor would take the load of the
> encryption and not the wireless card. We could even use soekris' idea of
> getting their hardware encryption mini-pci card to do the encryption and
> therefore dodge any slowdowns caused by encryption and end up with a
> very strong encryption scheme?
The current design is not very well suited for hardware-accelerated encryption. It can be done, but it would probably be better to change the code a bit to allow encryption to be done outside the TX/RX path if hwaccel is needed. TX/RX would put the frames into a queue and encryption hardware would encrypt/decrypt frames and tell the wlan driver to proceed. The current host-side encryption design in the Host AP driver does not support this.
> Another thing, surely the clients connecting to the linux ap would also
> have to use the hostap driver. Therefore it would mean all clients would
> have to be using cards with prism2 and a form of unix.. then the normal
> issue comes into play, most of my clients run winblows. :-(
I haven't tested whether host encryption/decryption in Host AP works with Lucent/Symbol cards. It might work, but encryption setup (i.e., how to configure the card for host-based encryption) might need some changes. Those who need to support Windows clients can of course implement their own driver that supports host encryption with the same algorithm. Intersil sells a reference design driver with source code for various Windows versions, and it could be modified to support host encryption with the same algorithms.
-- Jouni Malinen PGP id EFC895FA
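
The queued design described in the reply above (TX puts frames in a queue, the encryption hardware processes them and tells the driver to proceed), as an added sketch that is not Host AP driver code and not part of the original message. All names (`crypt_queue`, `tx_enqueue`, `hw_encrypt`, `crypt_complete`, `wlan_tx_proceed`) and sizes are hypothetical, and the XOR stands in for the accelerator's real algorithm.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define QLEN 4      /* hypothetical queue depth */
#define MAXF 64     /* hypothetical max frame size for this sketch */
struct frame { uint8_t data[MAXF]; size_t len; int encrypted; };
struct crypt_queue { struct frame slot[QLEN]; size_t head, tail, count; };
static int radio_frames, radio_plain; /* handed to radio; of those, unencrypted */

/* Driver's "proceed" step: reached only from the completion path. */
static void wlan_tx_proceed(const struct frame *f) {
    radio_frames++;
    if (!f->encrypted) radio_plain++;
}

/* TX path: copy the frame into the queue and return at once. Returns -1 if
 * the frame is too large or the queue is full, so the caller holds the
 * packet instead of letting it go out unencrypted. */
static int tx_enqueue(struct crypt_queue *q, const uint8_t *buf, size_t len) {
    if (len > MAXF || q->count == QLEN) return -1;
    struct frame *f = &q->slot[q->tail];
    memcpy(f->data, buf, len);
    f->len = len;
    f->encrypted = 0;
    q->tail = (q->tail + 1) % QLEN;
    q->count++;
    return 0;
}

/* Stand-in for the accelerator. The XOR is a placeholder transform, not a
 * cipher; real hardware would run the configured algorithm. */
static void hw_encrypt(struct frame *f) {
    for (size_t i = 0; i < f->len; i++) f->data[i] ^= 0xA5;
    f->encrypted = 1;
}

/* Completion handler: drain the queue in FIFO order and tell the driver to
 * proceed with each processed frame. Returns the number of frames sent. */
static int crypt_complete(struct crypt_queue *q) {
    int n = 0;
    while (q->count > 0) {
        struct frame *f = &q->slot[q->head];
        hw_encrypt(f);
        wlan_tx_proceed(f);
        q->head = (q->head + 1) % QLEN;
        q->count--; n++;
    }
    return n;
}
```

The point of the split is that `wlan_tx_proceed` is reachable only through the completion handler, so a full queue pushes back on the sender rather than bypassing encryption.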