WEP-Open Key Auth - detection of Decryption Failures???

Bryan Kadzban bryan
Tue Feb 21 09:44:28 PST 2006

On Tue, Feb 21, 2006 at 12:08:30PM -0500, Tony Espy wrote:
> Hmmmmm, the bad rx decrypt count definately seems to increase in this 
> case... once associated with an AP, are there management packets that 
> it'll send that are encrypted with the WEP key?

As I understand it, no.  No encryption method (WEP, WPA, or RSN) encrypts
or authenticates management frames.  That's why it's trivial to find out
an SSID or capture the 4-way handshake -- Deauthenticate frames (which
is what the AP sends to tell a client to disassociate) are not encrypted
at all.  So you can forge a Deauthenticate frame, and the target STA
will reassociate (which gives you the SSID) and redo the 4-way handshake
(which will allow you to capture that).

The IEEE 802.11w standard will eventually provide a way to encrypt
management frames (which, assuming the encryption is based on the PMK
somehow, will also authenticate them), but that's only in the very early
stages of standardization at this point.  Apparently (at least according
to the Wikipedia entry on 802.11w, which may be wrong) the target date
for ratification of .11w is March 2008, so it's still about 2 years away.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060221/847ee59c/attachment.pgp 

More information about the Hostap mailing list