diff options
Diffstat (limited to 'contrib/wpa/wpa_supplicant/doc/docbook/wpa_background.8')
-rw-r--r-- | contrib/wpa/wpa_supplicant/doc/docbook/wpa_background.8 | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/contrib/wpa/wpa_supplicant/doc/docbook/wpa_background.8 b/contrib/wpa/wpa_supplicant/doc/docbook/wpa_background.8 deleted file mode 100644 index 19162a3..0000000 --- a/contrib/wpa/wpa_supplicant/doc/docbook/wpa_background.8 +++ /dev/null @@ -1,84 +0,0 @@ -.\" This manpage has been automatically generated by docbook2man -.\" from a DocBook document. This tool can be found at: -.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> -.\" Please send any bug reports, improvements, comments, patches, -.\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WPA_BACKGROUND" "8" "07 September 2010" "" "" - -.SH NAME -wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i -.SH "WPA" -.PP -The original security mechanism of IEEE 802.11 standard was -not designed to be strong and has proven to be insufficient for -most networks that require some kind of security. Task group I -(Security) of IEEE 802.11 working group -(http://www.ieee802.org/11/) has worked to address the flaws of -the base standard and has in practice completed its work in May -2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was -approved in June 2004 and published in July 2004. -.PP -Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version -of the IEEE 802.11i work (draft 3.0) to define a subset of the -security enhancements that can be implemented with existing wlan -hardware. This is called Wi-Fi Protected Access<TM> (WPA). This -has now become a mandatory component of interoperability testing -and certification done by Wi-Fi Alliance. Wi-Fi provides -information about WPA at its web site -(http://www.wi-fi.org/OpenSection/protected_access.asp). -.PP -IEEE 802.11 standard defined wired equivalent privacy (WEP) -algorithm for protecting wireless networks. WEP uses RC4 with -40-bit keys, 24-bit initialization vector (IV), and CRC32 to -protect against packet forgery. All these choices have proven to -be insufficient: key space is too small against current attacks, -RC4 key scheduling is insufficient (beginning of the pseudorandom -stream should be skipped), IV space is too small and IV reuse -makes attacks easier, there is no replay protection, and non-keyed -authentication does not protect against bit flipping packet -data. -.PP -WPA is an intermediate solution for the security issues. It -uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP -is a compromise on strong security and possibility to use existing -hardware. It still uses RC4 for the encryption like WEP, but with -per-packet RC4 keys. In addition, it implements replay protection, -keyed packet authentication mechanism (Michael MIC). -.PP -Keys can be managed using two different mechanisms. WPA can -either use an external authentication server (e.g., RADIUS) and -EAP just like IEEE 802.1X is using or pre-shared keys without need -for additional servers. Wi-Fi calls these "WPA-Enterprise" and -"WPA-Personal", respectively. Both mechanisms will generate a -master session key for the Authenticator (AP) and Supplicant -(client station). -.PP -WPA implements a new key handshake (4-Way Handshake and -Group Key Handshake) for generating and exchanging data encryption -keys between the Authenticator and Supplicant. This handshake is -also used to verify that both Authenticator and Supplicant know -the master session key. These handshakes are identical regardless -of the selected key management mechanism (only the method for -generating master session key changes). -.SH "IEEE 802.11I / WPA2" -.PP -The design for parts of IEEE 802.11i that were not included -in WPA has finished (May 2004) and this amendment to IEEE 802.11 -was approved in June 2004. Wi-Fi Alliance is using the final IEEE -802.11i as a new version of WPA called WPA2. This includes, e.g., -support for more robust encryption algorithm (CCMP: AES in Counter -mode with CBC-MAC) to replace TKIP and optimizations for handoff -(reduced number of messages in initial key handshake, -pre-authentication, and PMKSA caching). -.SH "SEE ALSO" -.PP -\fBwpa_supplicant\fR(8) -.SH "LEGAL" -.PP -wpa_supplicant is copyright (c) 2003-2007, -Jouni Malinen <j@w1.fi> and -contributors. -All Rights Reserved. -.PP -This program is dual-licensed under both the GPL version 2 -and BSD license. Either license may be used at your option. |