On Tue, 2009-04-07 at 19:17 +0300, Jouni Malinen wrote: > On Tue, Apr 07, 2009 at 03:15:52AM +0300, Maxim Levitsky wrote: > > > But I could arrange small program that listens to device in monitor or > > maybe even just promisc mode, and records WPA handshakes. For every > > handshake it could install the key in kernel driver, so it would use it > > for decryption, and show the traffic on device in promisc mode. Is it > > possible to do today? I guess not. > > No, and I don't see why this should ever end up in the kernel.. It is > better done in userspace for such a special case. The key configuration > interface does not support configuring different keys based on the > receiver address and most hardware acceleration designs would not > support matching the key in this way, so the standard mechanism used for > decrypting packets to the STA in normal case does not really suit this > type of need. > I mostly agree. But then maybe its better not to show unencryped frames at all on promisc interface? > > All this program has to know is the PSK. > > (I could even arrange WPA supplicant to do this job - it knows all keys > > already) > > Sure, you could figure out the PTK for each STA when using WPA-Personal > (but not so for WPA-Enterprise/EAP), but that is only one part of the > task. The problem comes from decrypting packets that were not designed > to be decrypted (unicast frames to other STAs). Exactly. this why I thought it would be nice if kernel could do that and present a virtual promisc mode. Userspace helper could do all the job figuring the keys, and kernel would just use keys to decrypt the traffic. I could even hack the wpa_supplicant on all systems that belong to my network to exchange the keys. Anyway, thanks, Best regards, Maxim Levitsky -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html