correct group cipher setting

Dan Williams dcbw
Mon Jan 12 09:18:20 PST 2009


On Mon, 2009-01-12 at 18:23 +0200, Chuck Tuffli wrote:
> What is the correct value for group cipher (i.e. ssid->group_cipher)
> in the case of an open network (no encryption)? I naively assumed it
> should be WPA_CIPHER_NONE, but if it is, the saved configuration file
> causes an error:

Open networks do not need the pairwise or group keys at all.  Don't even
bother putting them in the network block.

Dan


> ctrl_interface=/var/run/wpa_supplicant
> update_config=1
> 
> network={
>         ssid="NTGR_cNmZJtNunetOUlfXqMumTotwLxZ"
>         scan_ssid=1
>         key_mgmt=NONE
>         pairwise=NONE
>         group=NONE
>         auth_alg=OPEN
>         eap=WPS
>         identity="WFA-SimpleConfig-Enrollee-1-0"
> }
> 
> ...
> 1064.259272: scan_ssid=1 (0x1)
> 1064.261436: key_mgmt: 0x4
> 1064.262843: pairwise: 0x1
> 1064.264451: Line 9: not allowed group cipher (0x1).
> 1064.266121: Line 9: failed to parse group 'NONE'.
> 
> Should wpa_config_parse_group() allow WPA_CIPHER_NONE as a valid group
> cipher or does this open an exploit? Note this is running 0.5.10 with
> my WPS patch, but the logic looks the same as 0.6.x.
> 
> ---chuck
> 
> 
> ______________________________________________________________________
> DSP Group, Inc. automatically scans all emails and attachments using
> MessageLabs Email Security System.
> _____________________________________________________________________
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap




More information about the Hostap mailing list