On 6 Jun 2006, at 19:37, Spruell, Darren-Perot wrote:

> I understand. You're not saying anything regarding intercepting an
> existing session and accessing the data; it's akin to getting an
> Ethernet cable on a LAN (since you have the PSK for authentication)
> and negotiating a new communication session (key, etc.) with the AP.

So at that point, you're effectively on the LAN, so have access to the traffic that runs across it anyway. However, if the sessions are individually keyed for each user, with a time-dependent rotating key, the person spoofing the MAC won't have the corresponding key, so won't be able to decode the traffic properly? It's similar to being on the same switch, but the radio traffic that is visible is WPA encrypted, again with the time-dependent keys. So even if the PSK is freely available, the initial session negotiation means it's still hard to steal another person's traffic? Or am I getting my layers mixed up here?

> A problem which WPA Enterprise (w/RADIUS and individual per-user
> authentication, not per-computer authentication) would protect
> against.
>
> Unfortunately, something that wouldn't suit the OP's situation
> either...

Yes, it requires a RADIUS client to connect. I have read a little more about RADIUS (specifically FreeRADIUS) and I like the features it has to offer, especially the accounting parts. It's a shame it's not suitable; it takes care of a lot of the problems I have yet to work out.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/