I have read a bit and I am confused about the difference between having no authentication and having open/shared authentication.
As I understand from what I read, in Open and Shared Authentication:
In Open Authentication: In the stage 2 ( Authenticated, unAssociated); there should be only 2 Authentication (management) frames, namely
1> STA sends out Authentication frame, and
2> AP replied with Authentication frame
While in Shared Authentication: In the stage 2 (Authenticated, unAssociated); there should be 4 Authentication (management) frames, namely
1> STA sends out Authentication frame, and
2> AP replies with Authentication frame with challenge text (clear), then
3> STA replies with Authentication frame with encrypted challenge text. Upon receiving this, the AP decrypts the challenge text; if the frame decrypts to the Challenge Text,
4> the access point will respond with an Authentication frame with a status code of successful.
In case no authentication (none) is enabled, I would like to know the handshake of frames. Please help.
In WEP, I have seen open and shared Authentication.
I was wondering whether in WEP open authentication the WEP key is used during authentication or only during data transfer.
Please help me on this?
Unfortunately, since Shared Authentication is a legacy method, I don't know many details about how it works. I'll do my best to answer your questions though.
1. You can perform open authentication without any kind of encryption. Shared key encryption requires a WEP key.
2. The challenge text is irrelevant, it is a random "word" sent by the AP to the client in cleartext. It is heard by everyone in the room since it is being broadcast wirelessly.
3. Yes, I believe so.
4. It appears to be accurate. The handshake does not involve a challenge - it simply involves a request and an acceptance. Using Open authentication, a client is free to authenticate and associate, but no traffic can pass without a WEP key.
5. No, the long handshake is not the concern. As mentioned above, the challenge text is sent in cleartext, and everyone in the room hears it. The client then responds immediately with the challenge text encrypted with the WEP key. In other words, anyone listening in here will learn what a particular phrase looks like unencrypted and encrypted. They can easily perform offline dictionary attacks to find a key that performs this exact transformation. Open authentication is more secure despite appearing less secure. Anyone can authenticate to the AP, even if they don't have the WEP key. However, they cannot pass traffic without it, so it doesn't do them much good.
Again, I hope this all makes sense. I'm glad you're wanting to learn and understand this process, because as I said before it's not easy to do. I will definitely suggest that you explore WPA encryption once you're comfortable with WEP concepts. WEP itself is legacy and should never be used.
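To make the two frame sequences from the question and the answer's point about what a passive listener learns concrete, here is an added toy model (not code from either poster). It simulates the 2-frame Open System exchange and the 4-frame Shared Key exchange, with the AP decrypting frame 3 and comparing it to its challenge, and then shows that frames 2 and 3 of the Shared Key exchange hand an eavesdropper a plaintext/ciphertext pair (and therefore the RC4 keystream for that IV), while the Open System exchange discloses nothing about the key. The `AuthFrame` layout, the 16-byte challenge, the 40-bit key and the IVs are constructed simplifications: real WEP frames carry a key index and ICV and the challenge is 128 octets.

```python
"""Toy model of IEEE 802.11 Open System vs Shared Key authentication.

Added example. RC4 is implemented in full, but the frame layout is a
simplified stand-in (no key index, no ICV) and all keys/IVs/challenges
below are constructed values.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP keys RC4 with IV || secret key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_xor(iv: bytes, key: bytes, data: bytes) -> bytes:
    """WEP-style encrypt/decrypt: data XOR RC4(iv || key). Symmetric."""
    ks = rc4_keystream(iv + key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


@dataclass
class AuthFrame:
    algorithm: str          # "open" or "shared"
    seq: int                # authentication transaction sequence number 1..4
    status: int             # 0 = success; 15 = challenge failure (802.11)
    challenge: bytes = b""  # cleartext in seq 2, encrypted in seq 3
    iv: bytes = b""         # IV carried with the encrypted challenge (seq 3)


@dataclass
class Station:
    key: Optional[bytes]    # None models a client with no WEP key at all


@dataclass
class AccessPoint:
    key: bytes


def open_system_auth(sta: Station, ap: AccessPoint) -> List[AuthFrame]:
    """Open System: two frames, the key is never consulted."""
    return [AuthFrame("open", 1, 0), AuthFrame("open", 2, 0)]


def shared_key_auth(sta: Station, ap: AccessPoint,
                    challenge: Optional[bytes] = None,
                    iv: Optional[bytes] = None) -> List[AuthFrame]:
    """Shared Key: four frames; the AP decrypts frame 3 with its own key."""
    challenge = challenge or os.urandom(16)   # constructed; real WEP uses 128 octets
    iv = iv or os.urandom(3)
    f1 = AuthFrame("shared", 1, 0)
    f2 = AuthFrame("shared", 2, 0, challenge=challenge)       # sent in the clear
    if sta.key is None:
        # A client without a key cannot produce frame 3; exchange stalls here.
        return [f1, f2]
    f3 = AuthFrame("shared", 3, 0, challenge=wep_xor(iv, sta.key, challenge), iv=iv)
    recovered = wep_xor(iv, ap.key, f3.challenge)
    f4 = AuthFrame("shared", 4, 0 if recovered == challenge else 15)
    return [f1, f2, f3, f4]


def eavesdropper_learns(frames: List[AuthFrame]) -> Optional[Tuple[bytes, bytes]]:
    """What a passive listener gets: for Shared Key, frames 2 and 3 are a
    plaintext/ciphertext pair, so XOR yields the keystream for that IV.
    For Open System there is no such pair, so nothing key-related leaks."""
    by_seq = {f.seq: f for f in frames}
    if 2 not in by_seq or 3 not in by_seq:
        return None
    plain, enc = by_seq[2].challenge, by_seq[3].challenge
    return by_seq[3].iv, bytes(a ^ b for a, b in zip(plain, enc))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")            # constructed 40-bit WEP key
    ap, sta = AccessPoint(key), Station(key)
    frames = shared_key_auth(sta, ap, challenge=b"A" * 16, iv=b"\x00\x01\x02")
    print("shared:", len(frames), "frames, status", frames[-1].status)
    iv, ks = eavesdropper_learns(frames)
    print("listener recovers keystream for IV", iv.hex(), "->",
          ks == rc4_keystream(iv + key, 16))
    print("open:", len(open_system_auth(Station(None), ap)), "frames, no leak:",
          eavesdropper_learns(open_system_auth(Station(None), ap)) is None)
```

The model shows the two points the answer makes: a station with no key (or the wrong key) still completes Open System authentication, because the AP never checks anything; and the Shared Key exchange, although it rejects a wrong key with status 15, discloses a keystream segment to every listener in range, which is the "unencrypted and encrypted" pair the answer warns about.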