Hostapd and WEP - Does it work?

Jose Araujo jlaraujo
Wed Sep 17 07:38:26 PDT 2003


Hi,

Have you tried setting eapol_key_index_workaround=0? I use WinXP latest 
service pack and it doesn't require that setting.

EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only 
if only broadcast keys are used);

But then again I am using both keys with encryption. I don't understand 
why you would want to protect only broadcast traffic.

José Araujo



SR Dasgupta wrote:

>I did not get any reply to my prev. mail. It seems that not many
>here are interested in using Hostapd and WEP. Or is it
>that my description below was not clear enough?
>
>-----Old Message-----
>
>Setup
>=====
>Supplicant 	- WinXP without SP1
>AP 		- MIPS platform with Hostapd running
>RADIUS 	- FreeRADIUS and Odyssey Server (for testing TLS only).
>You can download the evaluation version of Odyssey at www.funk.com.
>
>Successful Testings
>===============
>1. EAP-MD5 	- This works fine.
>2. EAP-TLS 	- This works fine as well.
>
>
>Problem Areas
>===============
>WEP -
>This is a pain in the neck for me. WEP works simply great with hostap driver
>and "hostapd NOT RUNNING" i.e. configuring WEP using iwconfig.
>The following are the tests that I have carried out and my observations:
>
>------------------------------------------------------------------------
>Case 1:
>1. Disable WEP key options in hostapd.conf. IEEE 802.1x and RADIUS should 
>also be disabled.
>2. Start hostapd (" # hostapd -d /etc/hostapd.conf & "). The daemon would 
>run but not do any stuff.
>3. Set WEP keys using iwconfig (" # iwconfig eth2 key 1 904f00109c ").
>	We have configured eth2 instead of wlan0.
>4. Configure the XP with same WEP keys and index.
>
>Observation 1: WEP encryption works. This case should not be a problem 
>anyways. It was just to test the driver.
>------------------------------------------------------------------------
>
>Case 2:
>1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to 
>see the values)
>2. Enable following WEP key options in hostapd.conf
>
>	wep_key_len_broadcast=5
>	# wep_key_len_unicast=5
>	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
>	wep_rekey_period=0	
>
>     Keep the 802.1x and RADIUS options disabled. The rotation is disabled 
>as evident
>
>3. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
>4. View WEP keys using iwlist (" # iwlist eth2 key ").
>
>	# iwlist eth2 key
>	eth2      2 key sizes : 40, 104bits
>	          4 keys available :
>            	    [1]: 904F-0010-9C (40 bits)
>	                [2]: off
>            	    [3]: off
>	                [4]: off
>          Current Transmit Key: [1]
>          Security mode:open
>
>5. Configure the XP with same WEP keys and index.
>
>Observation 2: There is no packet transfer between XP supplicant and AP. 
>This was observed with ethereal.
>To me this is real strange. Why should things not work when Hostapd is 
>running and key rotation is disabled? How does this differ from Case I?
>------------------------------------------------------------------------
>
>Case 3:
>Repeat Case 2 but now enable key rotation ("wep_rekey_period=300"). In XP, 
>enable WEP and "The key is provided for me automatically" options.
>
>Observation 3: The result is the same as observation 2. In this case, 
>hopefully I did the right thing in XP.
>------------------------------------------------------------------------
>
>Case 4: (WEP & MD5)
>1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to 
>see the values)
>2. Enable following WEP key options in hostapd.conf
>
>	wep_key_len_broadcast=5
>	# wep_key_len_unicast=5
>	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
>	wep_rekey_period=0	
>
>	Rekeying is 0 since as far as I know, MD5 does not support it.
>
>3. Enable IEEE 802.1x in hostapd.conf (ieee8021x=1). Configure RADIUS 
>setting correctly.
>4. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
>5. View WEP keys using iwlist (" # iwlist eth2 key ").
>
>	# iwlist eth2 key
>	eth2      2 key sizes : 40, 104bits
>	          4 keys available :
>            	    [1]: 904F-0010-9C (40 bits)
>	                [2]: off
>            	    [3]: off
>	                [4]: off
>          Current Transmit Key: [1]
>          Security mode:open
>
>6. Configure the XP with same WEP keys and index. Configure Authentication 
>as MD5.
>
>Observation 4: The result is the same as observation 2.
>------------------------------------------------------------------------
>Case 5: (WEP & TLS)
>Repeat Case 4 but for the following:
>1. Configure RADIUS setting correctly, this time for Odyssey server.
>2. Configure Odyssey Server correctly.
>3. Use Odyssey Client on WinXP and configure correctly. Use WEP option and 
>specify the same key as on AP. Disable key rotation in the client.
>
>Note: The above steps were carried out for successful EAP-TLS testing.
>
>Observation 5: The result is the same as observation 2.
>------------------------------------------------------------------------
>
>Case 6: (WEP & TLS - key rotation)
>Repeat Case 4 but for the following:
>1. Enable key rotation ("wep_rekey_period=300") in hostapd.conf. Keep 
>802.1x option enabled (ieee8021x=1). Configure RADIUS setting correctly, 
>this time for Odyssey server.
>2. Configure Odyssey Server correctly.
>3. Use Odyssey Client on WinXP and configure correctly for automatic key 
>rotation.
>
>Note: The above steps were carried out for successful EAP-TLS testing.
>
>Observation 6: The result is the same as observation 2.
>------------------------------------------------------------------------
>
>Note: I have used unicast key setting as well but it has not helped.
>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
>
>  
>
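Added example, not part of either message and not hostapd code: a small checker that reads the WEP-related options named in this thread from a hostapd.conf and reports which key mode they select, and whether the file falls in the "only broadcast keys" case that the quoted eapol_key_index_workaround text refers to. `CASE_2` is the fragment from the quoted message; `BOTH_KEYS` is a constructed sample whose values are assumptions.

```python
# Added example: report which WEP key mode a hostapd.conf selects.

# Fragment from Case 2 of the quoted message.
CASE_2 = """\
wep_key_len_broadcast=5
# wep_key_len_unicast=5
# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
wep_rekey_period=0
"""

# Constructed sample (assumed values): both keys enabled, workaround off.
BOTH_KEYS = """\
ieee8021x=1
wep_key_len_broadcast=5
wep_key_len_unicast=5
wep_rekey_period=300
eapol_key_index_workaround=0
"""


def parse_conf(text):
    """Return active key=value settings; blank and '#' lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def wep_report(text):
    """Summarise the WEP options of one hostapd.conf given as a string."""
    s = parse_conf(text)
    num = lambda k: int(s[k]) if s.get(k, "").isdigit() else 0
    bcast, ucast = num("wep_key_len_broadcast"), num("wep_key_len_unicast")
    mode = {(True, True): "broadcast+unicast", (True, False): "broadcast-only",
            (False, True): "unicast-only", (False, False): "none"}[(bcast > 0, ucast > 0)]
    return {
        "mode": mode,
        "key_bits": {"broadcast": bcast * 8, "unicast": ucast * 8},  # 5 bytes = 40 bits
        "rekey": num("wep_rekey_period") > 0,  # 0 = keys are set only once
        "ieee8021x": num("ieee8021x") == 1,
        # Quoted option text: needed only if only broadcast keys are used.
        "workaround_relevant": mode == "broadcast-only",
        "workaround_set": s.get("eapol_key_index_workaround"),  # None = not in file
    }
```

Calling `wep_report(open("/etc/hostapd.conf").read())` on the access point gives the same summary for the live configuration.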





