Re: encryption

From: Jouni Malinen (
Date: 2002-07-25 16:54:37 UTC

On Thu, Jul 25, 2002 at 01:02:41PM +0100, Richard Powell wrote:

> From what I can understand it seems possible to use any other encryption
> algorithm over the wireless network by using the appropriate module.
> This means that instead of using WEP (which has been proven to be
> useless) we could use SSL at a good 1024bit? If so, that would be
> excellent :-)

Yes, this is true. However, I would first consider using encryption at a somewhat higher level, since a more generic solution might be better suited to many cases.

> Also, the host processor would take the load of the
> encryption and not the wireless card. We could even use soekris' idea of
> getting their hardware encryption mini-pci card to do the encryption and
> therefore dodge any slow downs caused by encryption and end up with a
> very strong encryption scheme?

The current design is not very well suited for hardware-accelerated encryption. It can be done, but it would probably be better to change the code a bit to allow encryption to be done outside the TX/RX path if hwaccel is needed. TX/RX would put the frames into a queue, and the encryption hardware would encrypt/decrypt the frames and tell the wlan driver to proceed. The current host-side encryption design in the Host AP driver does not support this.

> Another thing, surely the clients connecting to the linux ap would also
> have to use the hostap driver. Therefore it would mean all clients would
> have to be using cards with prism2 and a form of unix.. then the normal
> issue comes into play, most of my clients run winblows. :-(

I haven't tested whether host encryption/decryption in Host AP works with Lucent/Symbol cards. It might work, but the encryption setup (i.e., how to configure the card for host-based encryption) might need some changes. Those who need to support Windows clients can of course implement their own driver that supports host encryption with the same algorithm. Intersil sells a reference design driver with source code for various Windows versions, and it could be modified to support host encryption with the same algorithms.

Jouni Malinen                                            PGP id EFC895FA
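
The queued design described in the reply above, as an added sketch in C that is not part of the original message and not Host AP driver code: the TX path only enqueues, and a completion step hands each processed frame back to the driver. All names (`crypt_queue`, `crypt_enqueue`, `crypt_complete`, `driver_tx`) and sizes are hypothetical, and the XOR is a stand-in for the accelerator, not encryption.

```c
#include <stdint.h>
#include <string.h>
#define QLEN 4   /* ring slots (assumed size) */
#define MAXF 64  /* max frame bytes in this sketch */

struct frame { uint8_t data[MAXF]; size_t len; };
struct crypt_queue {
    struct frame slot[QLEN];
    unsigned head, tail;             /* head: next to process, tail: next free */
    void (*done)(struct frame *f);   /* "tell the wlan driver to proceed" */
};

/* TX path: copy the frame into the queue and return at once. Returns -1 if
 * the queue is full or the frame too large; the caller must then stop its
 * TX queue or drop the frame, never send it unencrypted. */
int crypt_enqueue(struct crypt_queue *q, const uint8_t *buf, size_t len)
{
    if (len > MAXF || q->tail - q->head == QLEN)
        return -1;
    struct frame *f = &q->slot[q->tail++ % QLEN];
    memcpy(f->data, buf, len);
    f->len = len;
    return 0;
}

/* Completion side (the accelerator's interrupt handler in a real driver):
 * process queued frames in order and hand each one back to the driver.
 * The XOR stands in for the hardware and is NOT encryption. */
int crypt_complete(struct crypt_queue *q)
{
    int n = 0;
    for (; q->head != q->tail; q->head++, n++) {
        struct frame *f = &q->slot[q->head % QLEN];
        for (size_t i = 0; i < f->len; i++)
            f->data[i] ^= 0x5a;
        q->done(f);
    }
    return n;
}

static unsigned sent; static uint8_t last_byte; /* set by the sample callback */
static void driver_tx(struct frame *f) { sent++; last_byte = f->data[0]; }

int main(void)
{
    static struct crypt_queue q = { .done = driver_tx };
    crypt_enqueue(&q, (const uint8_t *)"abc", 3);   /* constructed sample frame */
    return (crypt_complete(&q) == 1 && sent == 1) ? 0 : 1;
}
```

The point to check in such a design is the full-queue path: a frame that cannot be queued must be held or dropped, so that back-pressure never turns into a plaintext transmit.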
