m_pawlowski at t-online.de
Sat May 17 02:39:16 PDT 2003
thanks for replying.
well, i've tried adding "auth_algs=2" to hostapd.conf but hostapd
complained about an unknown config statement.
anyway. to be honest:
the things i heard of so far regarding security of wlans made me think
of securing anything that comes via air (layer 3/4) and not to try
securing wlan itself more than it is obviously capable of (mac address
based inclusion/exclusion of STA seems to be the only real sort of
"protection" on the wlan but i'm quite sure that someone has already
cracked even this), since WEP has been cracked quite a short time after
it was made public. so leaving WEP alone and trying to secure anything
that's "behind" it seems to make much more sense to me.
despite of all this i do not want to forget one thing:
i would really like to thank you and everyone who has contributed to
this absolutely fine piece of software for inventing, engineering and
spending their spare time on hostap !
Jouni Malinen schrieb:
>On Tue, Apr 29, 2003 at 08:06:29AM +0200, m_pawlowski at t-online.de wrote:
>>i probably missed something by reading thru the doc but the thing that
>>scares me a bit is that authentication is possible even without
>>encryption (which scares me a bit). i'm sure i missed sth. can you or
>>anyone else tell me how to prevent unencrypted authentication, please?
>That is expected behavior of IEEE 802.11 Open System authentication
>algorithm. It allows anyone to authenticate and associate no matter
>whether they know the WEP key or not.
>You can use Shared Key authentication algorithm if you want to deny
>authentication without some knowledge of the used key or suitable part
>of pseudo-random stream used in encryption. This does not really add any
>security since it trivial to copy the needed pseudo-random stream from
>any other authentication sequence and use it to fake authentication.
>Anyway, it will enable some kind of notification of user about incorrect
>You can configure this by changing Host AP driver's configuration for
>allowed authentication algorithms. Set prism2_param ap_auth_algs to 2
>(or hostapd.conf auth_algs=2 if you are using hostapd) and only shared
>key authentication is accepted.
More information about the Hostap