Hostapd and WEP - Does it work?

SR Dasgupta srdasgupta
Wed Sep 17 02:23:40 PDT 2003


I didnot get any reply to my prev. mail. It seems that not many
here are interested in using Hostapd and WEP. Or is it
that my description below was not clear enough?

-----Old Message-----

Setup
=====
Supplicant 	- WinXP without SP1
AP 		- MIPS platform with Hostapd running
RADIUS 	- FreeRADIUS and Oddessy Server (for testing TLS only).
You can download the evaluation version of oddessy at www.funk.com.

Successful Testings
===============
1. EAP-MD5 	- This works fine.
2. EAP-TLS 	- This works fine as well.


Problems Areas
===============
WEP -
This is a pain in the neck for me. WEP works simply great with hostap 
driver
and "hostapd NOT RUNNING" i.e. configuring WEP using iwconfig.
The following are the testing that I have carried out and my observations:

------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------
Case 1:
1. Disable WEP key options in hostapd.conf. IEEE 802.1x and RADIUS should 
also be disabled.
2. Start hostapd (" # hostapd -d /etc/hostapd.conf & "). The daemon would 
run but not do nay stuff.
3. Set WEP keys using iwconfig (" # iwconfig eth2 key 1 904f00109c ").
	We have configured eth2 instead if wlan0.
4. Configure the XP with same WEP keys and index.

Observation 1: WEP encryption works. This case should not be a problem 
anyways. It was just to test the driver.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 2:
1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to 
see the values)
2. Enable following WEP key options in hostapd.conf

	wep_key_len_broadcast=5
	# wep_key_len_unicast=5
	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
	wep_rekey_period=0	

     Keep the 802.1x and RADIUS options disabled. The rotation is disabled 
as evident

3. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
4. View WEP keys using iwlist (" # iwlist eth2 key ").

	# iwlist eth2 key
	eth2      2 key sizes : 40, 104bits
	          4 keys available :
            	    [1]: 904F-0010-9C (40 bits)
	                [2]: off
            	    [3]: off
	                [4]: off
          Current Transmit Key: [1]
          Security mode:open

5. Configure the XP with same WEP keys and index.

Observation 2: There is no packet transfer between XP supplicant and AP. 
This was observed with ethereal.
To me this is real strange. Why should things not work when Hostapd is 
running and key rotation is disabled? How
does this differ from Case I.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 3:
Repeat Case 2 but now enable key rotation ("wep_rekey_period=300"). In XP, 
enable WEP and "The key is provided for me automatically" options.

Observation 3: The result is the same as observation 2. In this case, 
hopefully I did the right thing in XP.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 4: (WEP & MD5)
1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to 
see the values)
2. Enable following WEP key options in hostapd.conf

	wep_key_len_broadcast=5
	# wep_key_len_unicast=5
	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
	wep_rekey_period=0	

	Rekeying is 0 since as far as I know, MD5 doesnot support it.

3. Enable IEEE 802.1x in hostapd.conf (ieee8021x=1). Configure RADIUS 
setting correctly.
4. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
5. View WEP keys using iwlist (" # iwlist eth2 key ").

	# iwlist eth2 key
	eth2      2 key sizes : 40, 104bits
	          4 keys available :
            	    [1]: 904F-0010-9C (40 bits)
	                [2]: off
            	    [3]: off
	                [4]: off
          Current Transmit Key: [1]
          Security mode:open
5. Configure the XP with same WEP keys and index. Configure Authentication 
as MD5.

Observation 4: The result is the same as observation 2.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------
Case 5: (WEP & TLS)
Repeat Case 4 but for the following:
1. Configure RADIUS setting correctly, this time for Oddessy server.
2. Configure Oddessy Server correctly.
3. Use Oddessy Client on WinXP and configure correctly. Use WEP option and 
specify the same key as on AP. Disable key rotation in the client.

Note: The above steps were carried out for successful EAP-TLS testing.

Observation 5: The result is the same as observation 2.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 6: (WEP & TLS - key rotation)
Repeat Case 4 but for the following:
1. Enable key rotation ("wep_rekey_period=300") in hostapd.conf. Keep 
802.1x option enabled (ieee8021x=1). Configure RADIUS setting correctly, 
this time for Oddessy server.
2. Configure Oddessy Server correctly.
3. Use Oddessy Client on WinXP and configure correctly for automatic key 
rotation.

Note: The above steps were carried out for successful EAP-TLS testing.

Observation 5: The result is the same as observation 2.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Note: I have used unicast key setting as well but it has not helped.





More information about the Hostap mailing list