the 'i' standard has not been ratified yet, alot of the security implimentations are interm fixes using a daft of the 802.11i spec, and were temporary.

When 802.11i is ratified, alot of older AP's will need to be replaced as they don't have enough guts to do all the AES encyption nessecary.

The answer is a very qualified "sort of." WPA is technically a subset of 802.11i, and as WPA has been included in most routers, APs and cards for the last two years or so, then technically, most of those devices are running a subset of 802.11i.

According to most manufacturers, anything current device which has WPA will be capable of running the full 802.11i standard after a firmware upgrade. It seems that the silicon horsepower needed for running AES is the same as WPA, so the upgrade will allow the device to run the AES-CCMP encryption. For the most part howerver, the firmware upgrades for current 802.11g consumer equipment seem to be vaporware.

At this time, the only fully compliant 802.11i devices that I know of are enterprise level: The Proxim (now Terabeam) ORiNOCO AP-4000M, AP-4900M, AP-4000, AP-700 Access Points. (There may be others, but as I said, those are the only models I happen to know about.)

AES would cause even current waps to work 'overtime' I would think, but even if they could handle it, wouldn't AES slow down the traffic speed dramatically?

Like I said, according to the manufactureres the silicon needed for running AES is the same as WPA. <shrug> Not being an EE, I'll have to take their word for it.

There's alsways a bit of overhead with encryption. Whether that is dramatic enough to be noticed is in the eye of the beholder to a certain extent. Personally, I've never noticed it with WEP or WPA. Other connections (ie, T1, Cable, DSL) tend to be far slower than the WLAN to begin with, so most data bottlenecks occur at the juncture of those connections. If you are transferring huge files between computers on the WLAN, the you might notice a slight difference.

First off, neither have I.

You seem to be implying a bandwidth concern. I think people are more concerned about adding delay at the router which, as you know, is cumulative (i.e., no bottleneck). However, the most common scenario is that the general-purpose processor in the equipment isn't fast enough to perform encryption so the manufacturer purchases specialized chips which, conveniently enough, perform almost instantaneously.

Yeah, "bottleneck" probably isn't the right word here. I tend to use it with non-technical clients as it's a concept they understand. The issue that I see commonly with clients starts off with a question like: "I've just added the latest ReallySuperFast(tm) Router using GeeWizSpeed Technology (tm) to my WLAN and my Interweb connection hasn't sped up. How come? Is that encryption thing slowing it down?" Said question is usually followed by the sound of my head hitting the desk multiple times. I then _try_ to explain in simple terms why. More pounding my head on the desk usually follows.

In any event, if anyone can notice a speed difference between encypted and unencrypted traffic over a WLAN, then they have a much better sense of timing than I possess.

802.11i &amp; WPA2

Yes this has confused me also. Although I am still reading the "Real 802.11 Security: Wi-Fi Protected Access and 802.11i" book, I have been advised that WPA2 is an implementation of the 802.11i.

http://www.wi-fi.org/OpenSection/protected_access.asp

Encryption/Decryption Latency induced by Rijndael AES Implementation

Most modern integrated chipsets offer hardware based Rijndael Implementations typically providing an encryption decryption latency between 6-30uS.

With the DCF back-of period utlilised by the 802.11 MAC between 9uS and 549uS invoked during detection of a busy channel or Packet Collision, and the inherent latency involved in the reception acknowledgment procedure encryption and decryption latency are hugely significant.

Slightly more relevant is encryption overhead that reduces the effective good-put available to the communications channel. However unless you are attempting to transfer high definition video over IP. This is unlikely to present much of an issue either.

I don't know some of the implementations in 802.11i seem kind of weak and just barely a step better of what is out there right now. TKIP is supposed to replaced WEP but it seems like the same shit, despite some differences like MIC. But I am more interested in how MIC is gonna guarantee the integrity of packets and determine if packets have been captured and modified. I mean we don't even have this type of technology standard in wired connections.

Just Fast Keying seems like a better approach to the security of Wifi but since it was created by the RSA and some other companies, it could be a problem to use the technology just like Cisco's home brew shit. I guess the IEEE can adopt the same type of concept and just go about doing the job differently, if the concept is not patented.