Re: WEP and authentication modes

From: Jouni Malinen (
Date: 2002-04-11 17:48:08 UTC

On Thu, Apr 11, 2002 at 06:28:38PM +0100, wrote:

> WEP itself seems to work fine with 40 and 104 bit keys. However, the
> driver does not appear to have any implimentation of shared key
> authentication, so we were getting 'unknown authentication algorithm (1)'
> in the linux syslogs. Sure enough, a quick look at the code seems to
> indicate that only open system is currently implimented - changing the
> clients to use open system makes it all work.

Yes, that's true. There was not much point in implementing shared key authentication before WEP was supported, but now that WEP seems to work, it would be possible to implement also it. I could consider implementing it for the completeness sake, but it should be noted that it does not help much with security..

> However, I'm rather puzzled by the reference in the change log saying 'use
> restricted as default WEP mode instead of open'. Why was the default set
> to restricted if restricted does not do anything? (It apparently ignores
> this setting and works in open mode regardless.)

These are two completely different things. Restricted WEP mode refers to mode that is configured with 'iwconfig wlan0 mode restricted' (as an alternative for 'iwconfig wlan0 mode open'). Restricted mode drops unencrypted frames, whereas open mode accepts them, but encrypts send frames.

Jouni Malinen                                            PGP id EFC895FA

This archive was generated by hypermail 2.1.4.