Upgrading encryption on original Apple Airport base stations

[card swap]

Historical note

This page refers to the first generation of Apple Airport base stations. The current version supports 128-bit encryption out of the box. It can be easily identified by its dual ethernet ports and the “snow”-colored Apple logo, as compared to the “graphite” of the original. The new version is totally different internally.

When the Airport base station was released, its price of $299 was a breakthrough low. Since then prices have fallen dramatically and 128-bit WEP is now a minimum standard. It no longer makes any real sense to modify a first-generation Airport base station. This page remains online out of historical interest.

Be aware that although 128-bit encryption is somewhat better than the default, 802.11 wireless networks are easy to eavesdrop upon because of design problems in how the encryption was implemented. Additionally, there is an incurable key management problem, since all the client cards must have the same key. But you weren’t trusting the network-layer encryption alone to protect your data, were you?

How to

Apple’s original Airport base station, released in July 1999, sold for US$299 and included a v.90 modem, 10BaseT, and an optional NAT and DHCP server. At the time, most wireless use was corporate and base stations were priced accordingly, generally around $800. The Airport base station was standards-based and used off-the-shelf components repackaged into a very appealingly designed case, sold in volume cheaply enough to be used in a home network. With Apple’s marketing prowess and antennas built into the laptop chassis, they helped push another useful technology into the mass market. In short, good work.

I wanted a wireless base station at home, similar to the Lucent base stations at my office. So when the Airport became available and I heard that it had a Lucent WaveLAN PCMCIA card and a 486 running Karlbridge inside, I had to experiment.

The major deficiency of the Airport was that it only supported inferior-grade encryption, even though better cards were available from Lucent. I considered this inappropriate and unacceptable. I hypothesized that the card could be swapped; but only a MacOS configurator was provided for the base station, and it only knew how to set short keys. Fortunately, the Karlbridge configurator was able to talk to the base station and set it up correctly.


Alternative approaches

After this page was linked to from Slashdot, I received an amazing number of emails asking whether it was possible to run Linux on the Airport base station. I did not see this as a useful goal, since the value of the device to me was as an inexpensive, well-constructed, simple bridge. However, I am now frightened to report that, in fact, you apparently can run Linux on the graphite Airport. Decide for yourself whether this is useful.



Michael Shields <shields@msrl.com>