wpa_supplicant fails and reports weird AP address in association
Bryan Kadzban
bryan
Mon Dec 18 11:18:38 PST 2006
Sergio Callegari wrote:
> on the linksys I chose /either/ no security /or/ wep /or/ wpa. In
> other terms, WEP and WPA appear as alternatives.
They are.
> On the Hamlet box I have a two step setup. First I chose whether to
> have basic cryptography or not (and this can be "open", "shared" or
> "both, with the possibility of setting a WEP key)...
Well... not exactly.
Open and shared refer to the 802.11 authentication, which happens just
before association. The "normal" WPA or WPA2 authentication, OTOH,
happens after association. Basically, never use shared authentication.
(Shared requires a WEP key. It also informs everyone sniffing your
association frames of that WEP key; it's *extremely* insecure. I don't
know how "both" would work, but AFAIK, WPA and WPA2 both require open.)
The open/shared choice should only be made if you configure the AP for
WEP.
> then on another setup stage I chose whether to have WPA-PSK or not,
> with the possibility of introducing a WPA-PSK key. So WEP and WPA
> appear as complementary.
They are not. It may be possible with some cards to do both WEP and WPA
on the same SSID, but I don't know how the card would choose. I don't
think there's any standard for it, in any case.
> is there a "proper" basic (wep?) cryptographic setup to be used with
> WPA? This is very confusing and the Hamlet manual does not help.
Authentication, as in the frames sent just before association, must be
set to open. WPA and WPA2 handle key exchange, ensuring the client is
authorized, and setting up data frame encryption.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20061218/12efa7bf/attachment.pgp
More information about the Hostap
mailing list