about "Open System" and "Shared System" Authentication Type?

Dan Williams dcbw
Wed Oct 15 08:04:26 PDT 2008


On Wed, 2008-10-15 at 09:19 +0800, c4linux c4linux wrote:
> Hi all
> 
> What is the differents between "Open System Authentication Type" and "
> Shared System Authentication Type"?

Open System actually doesn't do authentication.  For Shared Key
authentication, the AP sends some challenge text to the station, which
the station encrypts with the WEP key, and sends back to the AP.  The AP
also encrypts the challenge text, and if that matches what the station
sends back, then the authentication is allowed.

> Why "Open System" is considered more secure? Thank you!

Because of weaknesses in the Shared Key auth protocol, sniffing the
Shared Key exchanges will let you infiltrate the network _faster_ than
using no authentication (ie, Open System).

http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf

Dan




More information about the Hostap mailing list