WEP-Open Key Auth - detection of Decryption Failures???

Jouni Malinen jkmaline
Tue Feb 21 18:57:12 PST 2006

On Tue, Feb 21, 2006 at 12:44:28PM -0500, Bryan Kadzban wrote:

> As I understand it, no.  No encryption method (WEP, WPA, or RSN) encrypts
> or authenticates management frames.  That's why it's trivial to find out
> an SSID or capture the 4-way handshake -- Deauthenticate frames (which
> is what the AP sends to tell a client to disassociate) are not encrypted
> at all.  So you can forge a Deauthenticate frame, and the target STA
> will reassociate (which gives you the SSID) and redo the 4-way handshake
> (which will allow you to capture that).

With the exception of authenticate frame seq #3 in shared key
authentication (which is encrypted with WEP), that is indeed the current

> The IEEE 802.11w standard will eventually provide a way to encrypt
> management frames (which, assuming the encryption is based on the PMK
> somehow, will also authenticate them), but that's only in the very early
> stages of standardization at this point.  Apparently (at least according
> to the Wikipedia entry on 802.11w, which may be wrong) the target date
> for ratification of .11w is March 2008, so it's still about 2 years away.

I would hope that it gets ratified before that, but anyway, that is just
one date.. TGw has an initial draft which is quite complete and there
were no major issues showing up at the Hawaii IEEE 802 meeting in
January. The task group held an internal review of the draft couple of
weeks ago and once the received comments from that are handled, it might
be time to start taking a look at implementing this. So far, 802.11w has
been one of the least contentious amendments at IEEE that I've been
somehow involved with ;-).

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list