Nokia A032 User Manual page 137

Authentication
Because secrecy of the key is paramount, WEP
never transmits a key value over the network.
The wireless client only needs to prove to the
access point that it has a matching key. It
achieves this using a method known as
challenge-response:
1
2
3
4
5
The computation is such that a hacker
intercepting both the challenge and the
response cannot work back to find out the key.
Intuitively you might think that if you can
compute the response from the key you should
be able to "uncompute" to get the key from the
response. However, this is not the case.
As an example, suppose you pick ten random
prime numbers and multiply them together to
get a result. Now take the result and ask a
friend to figure out which ten prime numbers
you started with. Such computations are much
easier in one direction than the other.
The wireless client indicates to the access
point that it wants to connect.
The access point sends a random number
(the challenge) to the wireless client.
The wireless client performs a computation
using its key and the random number, and
sends the result (the response) back to the
access point.
The access point performs the same
computation, using the same random
number and its copy of the key.
If the keys match, the result of the
computation will match that sent by the
wireless client – the wireless client is
authenticated and may be accepted.
131