Sunday, January 30, 2005

Open vs shared key authentication

Associating with the AP

Access points have two ways of initiating communication with a client Shared Key or Open Key authentication.
Open key allows anyone to start a conversation with the AP.
Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates.

How Shared Key Auth. works

Client begins by sending an association request to the AP AP responds with a challenge text (unencrypted) Client, using the proper WEP key, encrypts text and sends it back to the AP If properly encrypted, AP allows communication with the client.

Is Open or Shared Key more secure?
Ironically enough, Open key is the answer in short Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: challenge text and the encrypted challenge text
Simply plugging these two values into the RC4 equations will yield the WEP key!

0 Comments:

Post a Comment

<< Home