Re: WEP question and WPA/WPA2 password detection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2017-03-01 at 22:57 +0100, Radoslaw Martyniszyn wrote:
> Hello,
> 
> Thank you very much for answer to my previous question, it helped me.
> Could you please address a few another questions:
> 
> 1) Is it possible with wpa_supplicant d-bus api to detect if AP
> supports WEP security? I need to distinguish somehow WEP security
> from
> AP without security.

An AP that supports only WEP would set the Privacy bit in its beacon
and would not include and WPA/RSN-related Information Elements.

WPA-capable access points also set the Privacy bit, but will advertise
WPA/RSN IEs.  I could be wrong, but an AP can also support both WEP and
WPA-PSK simultaneously.  I forget what IEs the AP advertises in this
situation, but you can't rely on them because a plain WEP client would
be ignorant of them anyway.

There are other corner cases like Dynamic WEP (eg, WEP + 802.1x
authentication instead of a passphrase) which you cannot really detect
via the beacons, the user simply has to know that the AP requires
Dynamic WEP and configure the client accordingly.

> 2) How could I detect that password entered for WPA/WPA2 connection
> is
> incorrect? I am getting bunch of events DisconnectReason with value 2
> "Previous authentication no longer valid"
> (https://supportforums.cisco.com/document/141136/80211-association-st
> atus-80211-deauth-reason-codes#Deauth_Reason_Codes)
> when I AddNetwork and SelectNetwork with invalid psk. I am not sure
> if
> that is the correct method for checking incorrect password

See could_be_psk_mismatch() in the wpa_supplicant sources.  A
disassociation event during the 4-way handshake when WPA-PSK (as
opposed to 802.1x) is used is most often a wrong PSK.

3) What is Country property needed for? Is it needed to disallow scan
> on some frequencies required by regulations in some countries?

I don't know the answer to this question so I'll leave it to others.

Dan

> 
> Thanks in advance for your help.
> 
> BR,
> Radek
> 
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux