wpa_supplicant WPA crashes Sitecom WL-114 router
Jouni Malinen
jkmaline
Thu Mar 24 19:00:12 PST 2005
On Thu, Mar 24, 2005 at 03:44:12PM +0100, Lorenzo Colitti wrote:
> Ok, capture file attached. The differences I can see are the following:
>
> - Windows starts by requesting a WPA key of length 0, and then tries
> again requesting a key of length 32.
I'm not sure what you mean by this. Client side does not request any
specific key length in 4-Way Handshake.
> - There is no group handshake??? All I can see is the following:
>
> 1. STA -> AP EAPOL start
> 2. AP -> STA Key req (len 0)
> 3. STA -> AP Key
> 4. AP -> STA Key req (len 32) (1/4?)
> 5. STA -> AP Key (2/4?)
> 6. AP -> STA Key (3/4?)
> 7. STA -> AP Key (4/4?)
The sent frames in wpa.pcap were:
STA -> AP EAPOL-Start
AP->STA WPA 1/4
STA->AP WPA 2/4
AP->STA WPA 1/4 (apparently AP did not receive 2/4 soon enough)
STA->AP WPA 2/4
AP->STA WPA 3/4
STA->AP WPA 4/4
This is followed by group key handshake (encrypted):
AP->STA WPA group 1/2
STA->AP WPA group 2/2
> and then data. Is this possible? Using wpa_supplicant I also see group
> key exchange mechanisms. Or is the group key exchange encrypted using
> the pairwise key, so I can't see it using ethereal?
If you were to use wireless sniffer in monitor mode for both cases, you
should see the group key exchange being encrypted. If you run a sniffer
on the client machine using wpa_supplicant, you will see decrypted
packets since encryption/decryption is done in the driver, not
wpa_supplicant.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list