WEP fails with Unsupported authentication algorithm (7820)

Jouni Malinen j at w1.fi
Sat Aug 22 10:24:39 EDT 2020 

On Mon, Aug 17, 2020 at 07:30:10PM +0200, Yegor Yefremov wrote:
> > > > > > > During the transition from wpa_supplicant v2.4 to v2.9 on a legacy
> > > > > > > project I get the following message:
> > > > > > >
> > > > > > > mgmt::auth
> > > > > > > authentication: STA=7c:dd:90:44:a5:83 auth_alg=7820
> > > > > > > auth_transaction=112 status_code=31962 wep=1 seq_ctrl=0x60a0
> > > > > > > Unsupported authentication algorithm (7820)
> > > > > > > authentication reply: STA=7c:dd:90:44:a5:83 auth_alg=7820
> > > > > > > auth_transaction=113 resp=13 (IE len=0) (dbg=handle-auth)

That was supposed to be the Authentication frame with transaction number
3 which is the only Authentication frame is transmitted encrypted using
WEP. It looks like the driver used here does not support this case in a
way that hostapd (or wpa_supplicant AP mode which shares the same
implementation) expect.. Those values here look like the payload of that
frame did not end up getting decrypted.

> > > > > The old working rootfs had wpa_supplicant 2.4 but I have also tested
> > > > > it with the same kernel version 5.4.8. wpa_supplicant 2.10 has no
> > > > > problem with WPA/WPA2 and no encryption. The only problem so far is
> > > > > WEP.

I'm not sure what triggers this issue to show up just now with a newer
snapshot of wpa_supplicant, but my first guess would be that this was
using open system authentication before and now just happens to be ended
up using shared key authentication (i.e., I'd expect that shared key
authentication would not have worked even with the older version).

> > > Both sides auth_alg=SHARED - KO but both sides OPEN - OK.

I cannot reproduce this with another driver nor do I know of any issues
(or any recent changes) in this part of the functionality in
hostapd/wpa_supplicant. Taken into account the current state of WEP, I'm
not sure there would be much point in trying to debug this any further
with the particular driver used here to try to get that combination
working for shared key authentication. If you really have to continue to
support WEP, I'd go with open system authentication instead, but really,
WEP should not be used anymore..

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list