Is the MIC of EAPoL-Key (2/4) affected by the .11 driver?

Ali Bahar ali at internetdog.org
Mon Jun 20 06:40:27 EDT 2011


On Mon, Jun 20, 2011 at 04:24:16PM +0800, Ali Bahar wrote:
> On Sat, Jun 18, 2011 at 09:35:31AM -0700, Jouni Malinen wrote:

> > Which AP is this? Can you please send a verbose debug log from
> 
> I tried a different AP, and it worked. So the culprit was the EdiMax
> AP. 
> More on this in a few hours.
> 
> thanks,
> ali

I tried an ASUS RT-N10 (which, again, seems to run linux), and it
worked. The psk was "can I see" ie with two spaces.
Clearly, the fault was at the AP end ie with the code in the EdiMax
BR-6228nC. The wpa_supplicant v0.8.x ran fine.

In summary:

Running wpa_supplicant v0.8.x to set up a secure, 802.11 WPA2 session
with the Edimax AP, resulted in a failure. The EAPOL-Key 2/4 packet
was rejected, with the Reason Code being 0x000e "Message integrity
code (MIC) failure" -- though wireshark erroneously labeled it as a
"Michael MIC failure". WPA1 resulted in a rejection as well, whereas
insecure communication always worked.

The cause was that the AP does not properly handle spaces (' ') in the
psk (shared key).

Thanks much to Jouni for pointing out the character set/encoding as a
frequent cause of this.

thanks,
ali
PS the EdiMax source tarball refers to 2.6.30, and even 2.4.18 linux!
And their web site offers no firmware updates.



More information about the HostAP mailing list