wpa_supplicant -> EAP-TTLS/PAP, madwifi-ng (Atheros), problem

Dan Williams dcbw
Tue Oct 17 08:42:41 PDT 2006


On Tue, 2006-10-17 at 08:00 -0700, Sam Schinke wrote:
> On Saturday 14 October 2006 07:13, Jouni Malinen wrote:
> > On Fri, Oct 13, 2006 at 04:12:20PM -0700, Sam Schinke wrote:
> > > > On Wed, Oct 11, 2006 at 07:04:45PM +0200, sabx wrote:
> > > > >                     IE: WPA Version 1
> > > > >                         Group Cipher : WEP-40
> > > > >                         Pairwise Ciphers (1) : WEP-40
> > > > >                         Authentication Suites (1) : 802.1x
> > >
> > > I get the same pairwise cipher on my netgear router which I connect to
> > > using WPA in linux and windows. Or is this cipher suite only invalid in
> > > the context of EAP_TTLS/PAP (etc)?
> >
> > No, that is invalid in any context if WPA is being used. It sounds like
> > there is some kind of bug in either the AP or the client (driver or
> > iwlist). iwlist (v28) works fine in my tests, so I don't know what is
> > causing this.
> 
> Is there any debugging I can assist with? This is a ndiswrapper Broadcom 43xx
> wireless laptop connecting to a netgear router.
> 
> This isn't something that would be valid with WPA v 1, which I thought was
> designed to re-use as many WEP cryptographic algorithms as possible? I could
> understand it being invalid with WPA v 2 which is supposed to use AES.

WPA1 uses TKIP, which is an algorithm that is designed to reuse as much
_hardware_ on the card as possible, but is not compatible with WEP.  The
idea was that, to get better security than WEP, and as a stop-gap
measure, manufacturers only had to update the firmware and driver [1] of
the card because the TKIP algorithm could use the same silicon
encryption engines that were already on cards.  WPA2 with CCMP/AES, on
the other hand, requires hardware changes.

Dan

[1] How many actually did that?  I can count on one hand.  At least
Cisco did, but not many consumer-level devices ever got updated firmware
because their product cycles are too short and security wasn't a
selling-point for consumers at the time.

> Regards,
> Sam
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
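
Added example, not part of the original thread and not wpa_supplicant or iwlist code: a small parser for the WPA vendor element (OUI 00:50:F2, type 1) that decodes the fields iwlist printed above and flags a WEP pairwise cipher, the condition the thread calls invalid with WPA. The sample elements are constructed, the function names are hypothetical, and the parser assumes the group, pairwise and key-management fields are all present.

```python
import struct

WPA_OUI = b"\x00\x50\xf2"
CIPHERS = {0: "NONE", 1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1x", 2: "PSK"}
# Constructed sample elements: the first mirrors the scan output quoted in the thread.
SAMPLE_BAD = bytes.fromhex("dd160050f20101000050f20101000050f20101000050f201")
SAMPLE_OK = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")


def _name(sel, names):
    """Map a 4-byte suite selector (OUI + type) to a readable label."""
    if sel[:3] != WPA_OUI:
        return "vendor-" + sel.hex()
    return names.get(sel[3], "unknown-%d" % sel[3])


def _suites(buf, off, names):
    """Read a little-endian count followed by that many 4-byte selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if off + 4 * count > len(buf):
        raise ValueError("truncated suite list")
    found = [_name(buf[i:i + 4], names) for i in range(off, off + 4 * count, 4)]
    return found, off + 4 * count


def parse_wpa_ie(ie):
    """Parse one complete WPA vendor element (ID 0xDD) taken from a beacon."""
    # Assumption: optional fields are present (2 header + 4 OUI/type + 2 version + 4 group).
    if len(ie) < 12 or ie[0] != 0xDD or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed vendor element")
    body = ie[2:]
    if body[:4] != WPA_OUI + b"\x01":
        raise ValueError("not a WPA element")
    (version,) = struct.unpack_from("<H", body, 4)
    group = _name(body[6:10], CIPHERS)
    pairwise, off = _suites(body, 10, CIPHERS)
    akm, off = _suites(body, off, AKMS)
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm}


def wpa_ie_problems(info):
    """Flag the condition discussed in the thread: WEP as a WPA pairwise cipher."""
    return ["pairwise cipher %s is not valid with WPA" % c
            for c in info["pairwise"] if c.startswith("WEP")]
```

Running the check over raw elements from a capture helps separate an AP that really advertises this combination from a driver or tool that misreports it.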




