As described in Key Management, one of
the big advantages of using Dynamic WEP/802.11i with 802.1X is the
support for session keys. A new encryption key is generated for each
session.
Xsupplicant only supports "Dynamic
WEP" as of this writing. Support for WPA and RSN/WPA2
(802.11i) is being worked on, and is estimated to be supported at
the end of the year/early next year (2004/2005), according to Chris
Hessing (one of the Xsupplicants
developers).
Not all wireless drives support dynamic WEP, nor WPA. To use RSN
(WPA2), new support in hardware may even be required. Many older
drivers assume only one WEP key will be used on the network at any
time. The card is reset whenever the key is changed to let the new
key take effect. This triggers a new authentication, and there is a
never-ending loop.
At the time of writing, most of the wireless drivers in the base
Linux kernel require patching to make dynamic WEP/WPA work. They
will, in time, be upgraded to support these new features. Many drivers
developed outside the kernel, however, support for dynamic WEP;
HostAP, madwifi, Orinoco, and atmel should work without problems.
Instead of using Xsupplicant, wpa_supplicant
may be used. It has support for both WPA and RSN (WPA2), and a wide
range of EAP authentication methods.
