WEP encryption

m_pawlowski at t-online.de m_pawlowski
Sat May 17 02:39:16 PDT 2003 

hello, jouni.

thanks for replying.

well, i've tried adding "auth_algs=2" to hostapd.conf but hostapd 
complained about an unknown config statement.

anyway. to be honest:

the things i heard of so far regarding security of wlans made me think 
of securing anything that comes via air (layer 3/4) and not to try 
securing wlan itself more than it is obviously capable of (mac address 
based inclusion/exclusion of STA seems to be the only real sort of 
"protection" on the wlan but i'm quite sure that someone has already 
cracked even this), since WEP has been cracked quite a short time after 
it was made public. so leaving WEP alone and trying to secure anything 
that's "behind" it seems to make much more sense to me.

despite of all this i do not want to forget one thing:

i would really like to thank you and everyone who has contributed to 
this absolutely fine piece of software for inventing, engineering and 
spending their spare time on hostap !

thank you!

regards,
-mp.

Jouni Malinen schrieb:

>On Tue, Apr 29, 2003 at 08:06:29AM +0200, m_pawlowski at t-online.de wrote:
>
>  
>
>>i probably missed something by reading thru the doc but the thing that 
>>scares me a bit is that authentication is possible even without 
>>encryption (which scares me a bit). i'm sure i missed sth. can you or 
>>anyone else tell me how to prevent unencrypted authentication, please?
>>    
>>
>
>That is expected behavior of IEEE 802.11 Open System authentication
>algorithm. It allows anyone to authenticate and associate no matter
>whether they know the WEP key or not.
>
>You can use Shared Key authentication algorithm if you want to deny
>authentication without some knowledge of the used key or suitable part
>of pseudo-random stream used in encryption. This does not really add any
>security since it trivial to copy the needed pseudo-random stream from
>any other authentication sequence and use it to fake authentication.
>Anyway, it will enable some kind of notification of user about incorrect
>WEP key.
>
>You can configure this by changing Host AP driver's configuration for
>allowed authentication algorithms. Set prism2_param ap_auth_algs to 2
>(or hostapd.conf auth_algs=2 if you are using hostapd) and only shared
>key authentication is accepted.
>
>  
>

More information about the Hostap mailing list