wrt54g ssid broadcast disabled
Lucia Di Occhi
saint_lucy
Wed Nov 2 18:20:24 PST 2005
Thank you for your reply. I did get it to work using only TKIP in the
config and removing CCMP, but I am curious about the statement you made
about EAS-CCMP. My router, the WRT54G, supports Security Mode WPA2-Personal
and two encryption algorithms:
TKIP+AES
AES
The router is configured for WPA2 and TKIP+AES but you are saying that
AES-CCMP is more secure. So my question is: what is the difference between
the two encryption options offered by the linksys WPA2 security mode, which
one is deemed more secure and why?
since my wpa_supplicant.conf now reads:
proto=WPA
key_mgmt=WPA-PSK
pairwise=TKIP
group=TKIP
what am I really using, is it WPA instead of WPA2 even if the AP is set for
WPA2?
Thanks.
>From: Bryan Kadzban <bryan at kadzban.is-a-geek.net>
>To: hostap at shmoo.com
>Subject: Re: wrt54g ssid broadcast disabled
>Date: Sun, 30 Oct 2005 17:52:30 -0500
>
>Lucia Di Occhi wrote:
> > Is there any configuration/workaround to connect to a wrt54g v3.1
> > latest firmware with disabled ssid broadcast? I am using the
> > ndiswrapper driver.
>
>Sure; check the sample config file, specifically the section on ap_scan.
>The ndiswrapper driver does support the required mode. ;-)
>
> > Spare me the talk about disabling SSID Broadcast when using WPA which
> > is secure, etc., etc.:-)
>
>Yes, WPA is "secure", so removing the SSID doesn't add much. (Actually
>WPA and TKIP are only an interim measure; the long-term fix is to move
>to WPA2 and AES-CCMP. TKIP wouldn't include countermeasures that get
>invoked when a MIC check fails, if it was a long-term fix. AES-CCMP
>doesn't include these countermeasures, because it doesn't need them.)
>
>But you should know that removing the SSID IE from the beacons wouldn't
>give you anything anyway, even with 40-bit WEP. The beacons still go
>out (they have to, otherwise the supplicant would not know whether the
>AP matched its security configuration, or whether a downgrade attack was
>happening), and the association-request/association-response frames
>include the SSID anyway. So anyone listening while an association
>happened would still know the SSID.
>
>But, if you still want to turn the SSID off, look at the sample config
>file, in the ap_scan section, as above.
><< signature.asc >>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
More information about the Hostap
mailing list