Unable to connect to AP via WPA-PKS/CCMP
Jouni Malinen
jkmaline
Sun Oct 9 20:27:12 PDT 2005
On Sun, Oct 09, 2005 at 11:22:06PM +0200, Thomas Heinz wrote:
> I have made an interesting observation. After using a clear text psk in
> wpa_supplicant.conf, everything works as expected. I have attached two
> files where clear.log contains the output of `wpa_supplicant -ddd -Dhostap
> -c /etc/wpa_supplicant.conf -i wlan0` with clear text psk and hex.log with
> the psk generated by wpa_passphrase. Line 128/clear.log shows that a 123
> byte message has been received whereas line 127/hex.log indicates that
> only 99 bytes have been received.
"Clear text psk" is somewhat misleading name for ASCII passphrase. Your
clear.log shows a successful 4-Way Handshake and hex.log looks like the
AP is rejecting authentication at a point which would most likely
indicate incorrect PSK.
Are you sure you used the correct SSID when running wpa_passphrase? PSK
is derived from both ASCII passphrase and SSID and if either one is
changed, the PSK would be different.
> Although my problem is now solved, I am very interested in the reason for
> that. Maybe the logs are helpful to you in this respect. If you need
> further information, please let me know.
I would guess that the PSK from wpa_passphrase run was not correct and
the most likely reason for this would be incorrect ASCII passphrase or
SSID. If you add -K to wpa_supplicant command line, the debug log
includes PSK. That would allow you to verify whether the PSK derived by
wpa_supplicant matches with the one derived by wpa_passphrase. Just
don't send out those logs if the PSK is a used in a real network..
> There is one more issue, I would like to know. Do the log files or
> `hostap_diag -a wlan0` reveal any information that makes breaking the
> encryption easier compared to sniffing the packets?
> I noticed several "[REMOVED]" tags in the logs so I guess it is at least
> not obvious.
The goal is that debug logs do not include any secret material if -K is
not specified on the command line and I don't think hostap_diag would
include any key material, either.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list