Posted: Tue Jul 04, 2006 19:57 Post subject: Open AP: WLan encryption without preshared key...?
We would like to run an open access point with traffic encryption to protect anonymous users from airsnorting...
Is it possible to enable wlan encryption without the requirement of a preshared key...?
How/Why...?
What does DD-WRT / Wireless / Advanced Settings / Authentication Type
do with the options Auto and Preshared key...?
The Help definition doesn't actually say anything about the setting, just stating the obvious:
Code:
The default is set to Auto, which allows either Open System or Shared Key authentication to be used. For Open System authentication, the sender and the recipient do NOT use a WEP key for authentication. For Shared Key authentication, the sender and recipient use a WEP key for authentication. If you want to use only Shared Key authentication, then select Shared Key.
Why would it only be possible to use Authentication Type = Auto with WEP...?
When set up as described above, the client can't acquire an IP address.
Last edited by qriff on Tue Jul 04, 2006 21:26; edited 2 times in total
As far as I know, the Authentication Type is always open when you use WPA AES, and the shared key is used only with WEP, and shared key is more secure than Open type for WEP. But if you can, use the highest security level - WPA2 AES with a strong 63 key and a small renew interval. If you can't use WPA2 - use WPA1 - AES. Do not use TKIP - that isn't secure enough and will slow down your overall network speed. WEP is easy to hack. Do not use it.
Use WPA2 AES or WPA AES, 63 key, smaller than 3600 renew interval.
Use a MAC filter list anyway, and if you don't have trouble with a disabled SSID, then leave it disabled.
What does "Authentication Type is (always) open" mean...?
That is my question.
I would like to not use a preshared key but still have the encryption.
This is something I have never figured out with WLan's... how to run an open AP/Hotspot and provide anonymous users with a protected connection to the AP itself...
Authentication is what it takes for a client to "associate." For example, with WEP and open authentication, a client can associate with an AP without knowing the WEP key. They can't send or receive traffic, because it is encrypted, but they can technically "connect."
Shared key requires them to provide the WEP key before the AP even considers them connected.
I am fairly certain that WPA and WEP RADIUS require open authentication because of the challenge/response required to establish the encryption. If it were shared key, the client would not be able to connect enough to even attempt a handshake.
I don't really understand what this option was intended to do. The ONLY use I have seen is it stops injection-based WEP cracking when you have 0 legitimate clients associated.
So if you HAVE to use WEP PSK, turn it on, otherwise go WPA2-AES. Keep in mind, WPA is only as strong as its passphrase.
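An added example, not part of any post in this thread, illustrating the closing remark that WPA is only as strong as its passphrase: in WPA/WPA2-Personal the 256-bit key is derived from the passphrase and the SSID alone (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), so a passphrase shared with every visitor gives each of them the same key. The function names are illustrative, and the entropy figure assumes a uniformly random passphrase over the 94 non-space printable ASCII characters.

```python
import hashlib
import math
import secrets
import string

# 94 non-space printable ASCII characters (assumed alphabet for generated passphrases)
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the only salt: same passphrase + same SSID = same key everywhere.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def random_passphrase(length: int = 63) -> str:
    """Generate a passphrase from a cryptographically secure random source."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def random_entropy_bits(length: int, alphabet_size: int = len(PRINTABLE)) -> float:
    """Entropy of a uniformly random passphrase, capped by the 256-bit key size."""
    return min(256.0, length * math.log2(alphabet_size))


if __name__ == "__main__":
    for n in (8, 20, 63):
        print(f"{n:2d} random chars: ~{random_entropy_bits(n):.1f} bits")
    pw = random_passphrase()
    # "ExampleHotspot" is a constructed SSID used only for this demonstration.
    print("derived key:", wpa_psk(pw, "ExampleHotspot").hex())
```

A dictionary word or short phrase has far less entropy than the random case computed here, which is why the passphrase, not the cipher, is usually the weak point.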