IEEE8021X and WEP40

Zhu Yi yi.zhu
Wed Sep 9 00:12:00 PDT 2009

On Wed, 2009-09-09 at 14:53 +0800, Jouni Malinen wrote:
> I don't see any good solution for this apart from some hacks in the
> driver (or firmware). Unless you are sure (and make sure wpa_supplicant
> knows that) that the dynamic keying option is not used, wpa_supplicant
> does not have the information needed to determine which key length will
> eventually be used. In other words, the WEP key could change from
> 40-bit static key to 104-bit dynamic key in this type of configuration.
> Currently, there is no flag to state that no dynamic keys with IEEE
> 802.1X are used. Setting eapol_flags=0 would get close, but it is not
> exactly the same (it says that keys are not required, but they could
> still be set). It could be fine to add a code that updates the cipher
> based on the static key configuration if eapol_flags=0 is set.
> Alternatively, add a new eapol_flags value for indicating that no key
> will be set (and make wpa_supplicant ignore EAPOL-Key frames in that
> case) and only then update the cipher based on the static WEP key
> configuration.

I agree it would be impossible for wpa_supplicant to know the cipher at
this time (wpa_supplicant_associate) when dynamic WEP is used. But do
you think the patch [1] is an improvement at least? Currently we simply
assume WEP104 all the time. But if there is some indication from the
config file (i.e. group=WEP40), can we use that by default? I'm not sure
if WEP104 is more popular over WEP40 for dynamic WEP though. Otherwise,
you can ignore my comment.



More information about the Hostap mailing list