IEEE8021X and WEP40

Jouni Malinen j
Tue Sep 8 23:53:19 PDT 2009

On Wed, Sep 09, 2009 at 10:34:27AM +0800, Zhu Yi wrote:
> No, I don't use dynamic WEP key after authentication. The problem is
> iwmc3200wifi needs to be configured with the correct cipher (WEP40 in
> this case) and keys. But wpa_supplicant provides WEP104 cipher with 5
> bytes keys. This confuses the firmware.

I don't see any good solution for this apart from some hacks in the
driver (or firmware). Unless you are sure (and make sure wpa_supplicant
knows that) that the dynamic keying option is not used, wpa_supplicant
does not have the information needed to determine which key length will
eventually be used. In other words, the WEP key could change from
40-bit static key to 104-bit dynamic key in this type of configuration.

Currently, there is no flag to state that no dynamic keys with IEEE
802.1X are used. Setting eapol_flags=0 would get close, but it is not
exactly the same (it says that keys are not required, but they could
still be set). It could be fine to add a code that updates the cipher
based on the static key configuration if eapol_flags=0 is set.
Alternatively, add a new eapol_flags value for indicating that no key
will be set (and make wpa_supplicant ignore EAPOL-Key frames in that
case) and only then update the cipher based on the static WEP key

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list