Hi,

I'm new to wireless, but have done a lot of research.

I have a client and an AP using WEP. The client is using Open System and the AP is using Shared Key. Is it possible for the client to authenticate with the AP?

I thought this was not possible, but it seems to be. I would have thought that when the client receives the clear-text challenge message that it wouldn't know what to do with it.

I have an EDIMAX AR-7024Wg router and an EDIMAX PCI EW-7128g wireless card.

Before moving onto the wonders of WPA I have to suss WEP out first.

Thanks for anyone trying to help.

Sulligogs

There are keys for encryption/decryption, then there are keys for authentication. I think you are confusing the two.

I don't understand all the ins-and-out either, but I notice both of my devices do WPA, and set both for WPA, same parameters on both sides, voila. Done. Unless you're interested in the nuts&bolts of how/what does it.

Thanks bobb,

It's just curiosity. How can my AP be in Shared Key mode and my client in Open System mode, but yet still authenticate?

Unless, previously when I had the client in Shared Key mode the AP remembered it's MAC address and let it through.

When it comes to security I need to understand.

Sulligogs

I have tried this and it appears to work on some equipment and then not on different brands. Or I maybe running the tests incorrectly.

There are a few key points to mention. The only way it appears to work properly is if WEP is used and the client and AP are using the identical key. The client appears to be acknowledging the challenge frame by copying the challenge text into a third authentication frame and sending it back to the AP, after encrypting the frame with the correct WEP key. The AP then responds with a ACK frame.

One way to see what is exactly going on would be to have a third computer running in promiscuous mode with a packet sniffer like Ethereal. You would then see the actual handshake frames.

Also one other consideration. When using WPA all the clients and AP's are automatically using Open System Authorization because the WPA or 802.11x frames are simply "data" to the 802.11 MAC layer. Which theoretically means the station will have to go through 802.11 authentication and association before it can proceed with the WPA or 802.11x authentication. So on order to facilitate the network authentication as soon as possible when WPA or 802.11x is used Open System Authentication is enabled.

If you are interested in this material one of the best books to get would be the CWNA study guide. It is a great source of information.