IEEE Approves 802.11i

Dozix007 writes "IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers. The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification."

awesome

[joel2600]

Now try explainging to regular people the difference between a/b/i/g/x and which ones work together, which ones don't and why.

i hope the guys at best buy are up to speed to direct the consumers!

Is this really a good thing?

[kabocox]

I know some seemless intergrated security is better than having it tacked on afterward. I've always felt that if folks trusted a default security layer to be perfect, they will get burned when the defaul layer is broken. You should always have application encryption of important data. You shouldn't just trust that your pipe will be encrypted. Sometimes those pipes get used by unauthorized third parties that's when having everything else encrypted comes in handy. I'm just afraid folks will switch to the 802.11i and not bother to encrypt any of their data.

Re:Sure but does it require new equipment

[tmasssey]

According to this article, the speed of encryping 128 bits of data with a 128-bit AES key is 730 cycles on a 32-bit MIPS processor. To keep it consistent with your numbers, that's actually >45 cycles/byte. At approximately 5 Million bytes/sec (54Mbit wireless), and 45 cycles/byte, that's 225 Million cycles per second right there. IIRC, the processor that's embedded in the router has a single pipeline at 200MHz, or, at best, 200 MIPS.

In other words, assuming *zero* processing overhead, we're 25 MIPS short for wire-speed encryption.

These are very rough numbers, but think of it this way: do you think Cisco (or whoever) spec'ed a processor substantially faster than what they needed? From my peronal experience, embedded processors do not usually have more than a few percent more performance than they need: rarely do they have even 30% more performance than they need. Even if they design a system with a way-fast processor, one of two things happen: their code bloats to use that speed (or they quit optimizing because they don't need to), or they end up buying a lower-cost, slower processor for production!

In short, it's highly unlikely that the Wrt54g will have anywhere near the CPU power to do wire(less)-speed AES at 54Mbit. Half that? Maybe, but not all of it.