about "Open System" and "Shared System" Authentication Type?

Dan Williams dcbw
Tue Nov 25 06:41:59 PST 2008

On Tue, 2008-11-25 at 17:21 +0800, c4linux c4linux wrote:
> Thanks for your help
> But i found that if I set AP with a password in an OpenSystem
> Authentication, STA can always connect the AP and access its
> resource , Why? OpenSystem Authentication need no password? 

You have to separate encryption (WEP/WPA/etc) from authentication
(Shared Key/Open System).  For example, WPA uses Open System
exclusively, but it's more secure because it protects the communication
with a strong encryption algorithm.

Open System is used even in unencrypted mode (ie, no WEP or WPA
enabled).  But it can also be used with encryption enabled.

It's the _encryption_, not the Open System/Shared Key authentication,
that makes your access point secure more secure with WEP.  It sounds
like you've turned off encryption completely.


> 2008/10/16 Dan Williams <dcbw at redhat.com>
>         On Thu, 2008-10-16 at 10:20 +0800, c4linux c4linux wrote:
>         > >>Open System actually doesn't do authentication.
>         >
>         >
>         > authentication = encryption?
>         No, they are different.  But Shared Key authentication _uses_
>         the WEP
>         encryption algorithm as access control.
>         > So Why I can do WEP encryption in an Open System
>         authentication? I'm
>         > confused between authentication and encryption :(
>         They are two different things.  Authentication determines
>         whether or not
>         a user is allowed to access the system in the first place,
>         while
>         encryption protects the content of their messages _after_ they
>         have been
>         granted access to the system.  But to preserve security and
>         prevent
>         spoofed authentications, some authentication methods also
>         employ
>         encryption as part of the process, but it's a separate step
>         from the
>         encryption that happens after the user has gained access to
>         the system.
>         Dan

More information about the Hostap mailing list