Dynamic key rotation is done with 802.1X. One option is to do periodic re-auth, which can generate a new key each time (the key is derived by the client and the auth server independently from the credentials exchanged and secret credentials that each side knows but that are not exchanged, so that an eavesdropper cannot do the derivation, and the auth server sends the new key to the AP, which uses EAPOL-Key packets to inform the client that the new key is in use). Another option (which is used for broadcast keys, for instance) is to send the new key in an EAPOL-Key packet, but encrypted with the session key (as described above).
All this relies on authentication protocols (such as EAP-TLS, PEAP, EAP-TTLS, EAP-SRP, EAP-SIM or EAP-AKA) which can derive keys on both sides without transmitting them.
Another option some people have been toying with was to generate keys from a pre-shared secret and NTP timestamps. Don't know if that has ever been actually implemented.
Hope that helps,
Jacques.
At 18:16 20/03/2003, R. Simkins wrote:
Hi,
I was wondering how sharing the WEP key with network users works?
I know that WEP can be hacked and that it doesn't take too many packets. I also know that there is a way around it by changing the key every x thousand packets, but how is the new key distributed to clients?
Thanks
Rob
-- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
-- Jacques Caron, IP Sector Technologies
Join the discussion on public WLAN open global roaming: http://lists.ipsector.com/listinfo/openroaming
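A sketch of the pre-shared-secret-plus-timestamp idea mentioned in the reply above, added here as an example and not part of the original messages or of any deployed scheme. The HMAC-SHA-256 derivation, the 600-second interval, the sample secret, and the mapping of rotation epochs onto the 2-bit WEP key ID are all assumptions of this sketch; it shows how both ends can compute each new key without it being sent, and how a receiver tolerates clock skew around a rotation boundary.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple

ROTATION_SECONDS = 600   # assumed rotation interval
WEP_KEY_BYTES = 13       # 104-bit WEP key
KEY_SLOTS = 4            # a WEP frame carries a 2-bit key ID
SAMPLE_PSK = b"constructed-sample-secret"   # constructed value, not from the thread


def epoch_of(unix_time: float) -> int:
    """Index of the rotation interval that contains this (NTP-synced) time."""
    return int(unix_time // ROTATION_SECONDS)


def derive_key(psk: bytes, epoch: int) -> bytes:
    """Key for one epoch; computable only by holders of the pre-shared secret."""
    msg = b"wep-rotation" + struct.pack(">Q", epoch)
    return hmac.new(psk, msg, hashlib.sha256).digest()[:WEP_KEY_BYTES]


def tx_key(psk: bytes, unix_time: float) -> Tuple[int, bytes]:
    """Sender side: (key ID to put in the frame, key to encrypt with)."""
    epoch = epoch_of(unix_time)
    return epoch % KEY_SLOTS, derive_key(psk, epoch)


def key_table(psk: bytes, unix_time: float) -> Dict[int, bytes]:
    """Receiver side: install previous, current and next epoch keys by slot,
    so a peer whose clock is up to one interval off is still understood."""
    now = epoch_of(unix_time)
    return {e % KEY_SLOTS: derive_key(psk, e) for e in (now - 1, now, now + 1)}


def rx_key(psk: bytes, unix_time: float, key_id: int) -> Optional[bytes]:
    """Key for a received frame's key ID, or None if that slot is not installed."""
    return key_table(psk, unix_time).get(key_id)


if __name__ == "__main__":
    ap_clock = 1_000_000_000            # constructed timestamps
    sta_clock = ap_clock + 250          # station is 250 s ahead, in the next epoch
    key_id, key = tx_key(SAMPLE_PSK, ap_clock)
    print("AP sends with key ID", key_id, key.hex())
    print("station agrees:", rx_key(SAMPLE_PSK, sta_clock, key_id) == key)
    print("station 1200 s ahead:", rx_key(SAMPLE_PSK, ap_clock + 1200, key_id))
```

Only three of the four slots are installed at a time, so a station whose clock is three or more intervals off can map the key ID to a different epoch's key and fail to decrypt rather than get `None`.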
