WEP question and WPA/WPA2 password detection

Dan Williams dcbw at redhat.com
Wed Mar 1 15:09:35 PST 2017

On Wed, 2017-03-01 at 22:57 +0100, Radoslaw Martyniszyn wrote:
> Hello,
> Thank you very much for answer to my previous question, it helped me.
> Could you please address a few another questions:
> 1) Is it possible with wpa_supplicant d-bus api to detect if AP
> supports WEP security? I need to distinguish somehow WEP security
> from
> AP without security.

An AP that supports only WEP would set the Privacy bit in its beacon
and would not include and WPA/RSN-related Information Elements.

WPA-capable access points also set the Privacy bit, but will advertise
WPA/RSN IEs.  I could be wrong, but an AP can also support both WEP and
WPA-PSK simultaneously.  I forget what IEs the AP advertises in this
situation, but you can't rely on them because a plain WEP client would
be ignorant of them anyway.

There are other corner cases like Dynamic WEP (eg, WEP + 802.1x
authentication instead of a passphrase) which you cannot really detect
via the beacons, the user simply has to know that the AP requires
Dynamic WEP and configure the client accordingly.

> 2) How could I detect that password entered for WPA/WPA2 connection
> is
> incorrect? I am getting bunch of events DisconnectReason with value 2
> "Previous authentication no longer valid"
> (https://supportforums.cisco.com/document/141136/80211-association-st
> atus-80211-deauth-reason-codes#Deauth_Reason_Codes)
> when I AddNetwork and SelectNetwork with invalid psk. I am not sure
> if
> that is the correct method for checking incorrect password

See could_be_psk_mismatch() in the wpa_supplicant sources.  A
disassociation event during the 4-way handshake when WPA-PSK (as
opposed to 802.1x) is used is most often a wrong PSK.

3) What is Country property needed for? Is it needed to disallow scan
> on some frequencies required by regulations in some countries?

I don't know the answer to this question so I'll leave it to others.


> Thanks in advance for your help.
> BR,
> Radek
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap

More information about the Hostap mailing list