IEEE8021X and WEP40

Zhu Yi yi.zhu at intel.com
Wed Sep 9 03:12:00 EDT 2009


On Wed, 2009-09-09 at 14:53 +0800, Jouni Malinen wrote:
> I don't see any good solution for this apart from some hacks in the
> driver (or firmware). Unless you are sure (and make sure wpa_supplicant
> knows that) that the dynamic keying option is not used, wpa_supplicant
> does not have the information needed to determine which key length will
> eventually be used. In other words, the WEP key could change from
> 40-bit static key to 104-bit dynamic key in this type of configuration.
> 
> Currently, there is no flag to state that no dynamic keys with IEEE
> 802.1X are used. Setting eapol_flags=0 would get close, but it is not
> exactly the same (it says that keys are not required, but they could
> still be set). It could be fine to add a code that updates the cipher
> based on the static key configuration if eapol_flags=0 is set.
> Alternatively, add a new eapol_flags value for indicating that no key
> will be set (and make wpa_supplicant ignore EAPOL-Key frames in that
> case) and only then update the cipher based on the static WEP key
> configuration.

I agree it would be impossible for wpa_supplicant to know the cipher at
this time (wpa_supplicant_associate) when dynamic WEP is used. But do
you think the patch [1] is an improvement at least? Currently we simply
assume WEP104 all the time. But if there is some indication from the
config file (i.e. group=WEP40), can we use that by default? I'm not sure
if WEP104 is more popular over WEP40 for dynamic WEP though. Otherwise,
you can ignore my comment.

1. http://patchwork.kernel.org/patch/41004/

Thanks,
-yi



More information about the HostAP mailing list