No Auth vs WEP Open

Answered Question
Oct 10th, 2008

Hello,


I have read abit and iam confused about the difference between having no authentication and having open/shared authentication.


As i understand from what i read, In Open and Shared Authentication:


In Open Authentication: In the stage 2 ( Authenticated, unAssociated); there should be only 2 Authentication (management) frames, namely

1> STA sends out Authentication frame, and

2> AP replied with Authentication frame


While in Shared Authentication : In the stage 2 ( Authenticated, unAssociated); there should be 4 Authentication (management) frames, namely

1> STA sends out Authentication frame, and 2> AP replied with Authentication frame with challenge text (clear), then

3> STA replies with Authentication frame with encrypted challenge text. Upon receiving this, AP decrypts the challenge text, if the frame decrypts to the Challenge Text,

4> the access point will respond with Authentication frame with a status code of successful.


In case no authentication (none) is enabled, I would like to know the handshake of frames. pl help.


In WEP, I have seen open and shared Authentication.

I was wondering that in WEP open authentication, whether the WEP key is used during authentication or its only during Data transfer.


Pl help me on this?




Correct Answer by jeff.kish about 8 years 4 months ago

Unfortunately, since Shared Authentication is a legacy method, I don't know many details about how it works. I'll do my best to answer your questions though.


1. You can perform open authentication without any kind of encryption. Shared key encryption requires a WEP key.


2. The challenge text is irrelevent, it is a random "word" sent by the AP to the client in cleartext. It is heard by everyone in the room since it is being broadcast wirelessly.


3. Yes, I believe so.


4. It appears to be accurate. The handshake does not involve a challenge - it simply involves a request and an acceptance. Using Open authentication, a client is free to authenticate and associate, but no traffic can pass without a WEP key.


5. No, the long handshake is not the concern. As mentioned above, the challenge text is sent in cleartext, and everyone in the room hears it. The client then responds immediately with the chellenge text encrypted with the WEP key. In other words, anyone listening in here will learn what a particular phrase looks like unencrypted and encrypted. They can easily perform offline dictionary attacks to find a key that performs this exact transformation. Open authentication is more secure despite appearing less secure. Anyone can authenticate to the AP, even if they don't have the WEP key. However, they cannot pass traffic without it, so it doesn't do them much good.


Again, I hope this all makes sense. I'm glad you're wanting to learn and understand this process, because as I said before it's not easy to do. I will definitely suggest that you explore WPA encryption once you're comfortable with WEP concepts. WEP itself is legacy and should never be used.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
jeff.kish Fri, 10/10/2008 - 05:43

Open and shared authentication are as close to "no authentication" as it gets. There must be some level of authentication for a client to connect to an access point. These are basic methods that do not require PSKs or WEP keys.


Now, when you use WEP, it is a form of encryption, not authentication. So you still must choose between open and shared authentication as a means of passing your WEP key to authenticate yourself.


As I'm sure you found in your studying, do not use shared authentication. It is a very insecure method of passing your WEP key. It is part of the 802.11 standard, which is the only reason why it's still an option.


I hope this serves to clarify and not confuse :) It's not an easy topic to grasp at all.

Queen245_goa Tue, 10/14/2008 - 01:35

Thanks Jeff,


As understand from your reply,

WEP is an Encryption technique and Open/Shared is an Authentication technique.


My further question would be,

1. Can we have open and shared authentication without having any encryption technique?

if yes, then how will shared authentication work? what will be the challenged text sent? Can you explain the handshake between AP and client in this scenario?


2. When WEP is enabled, we have to choose our authentication to be either open or shared.

What is the challenged text sent by AP to Client in WEP Shared authentication?


3. When the client replies back to the AP, encrypting the challenged text, does it use the same WEP algorithm as shown in the attachment?


4. When We use WEP and open authentication, What is the handshake used? is it the one i had attached in my previous post? (association.jpeg)


Yes i read about Shared WEP being more exposed to threats.

5. Is this because of the longer handshake? (meaning 4 authentication frames)what abt open?


Pl guide me.



Attachment: 
Correct Answer
jeff.kish Tue, 10/14/2008 - 05:51

Unfortunately, since Shared Authentication is a legacy method, I don't know many details about how it works. I'll do my best to answer your questions though.


1. You can perform open authentication without any kind of encryption. Shared key encryption requires a WEP key.


2. The challenge text is irrelevent, it is a random "word" sent by the AP to the client in cleartext. It is heard by everyone in the room since it is being broadcast wirelessly.


3. Yes, I believe so.


4. It appears to be accurate. The handshake does not involve a challenge - it simply involves a request and an acceptance. Using Open authentication, a client is free to authenticate and associate, but no traffic can pass without a WEP key.


5. No, the long handshake is not the concern. As mentioned above, the challenge text is sent in cleartext, and everyone in the room hears it. The client then responds immediately with the chellenge text encrypted with the WEP key. In other words, anyone listening in here will learn what a particular phrase looks like unencrypted and encrypted. They can easily perform offline dictionary attacks to find a key that performs this exact transformation. Open authentication is more secure despite appearing less secure. Anyone can authenticate to the AP, even if they don't have the WEP key. However, they cannot pass traffic without it, so it doesn't do them much good.


Again, I hope this all makes sense. I'm glad you're wanting to learn and understand this process, because as I said before it's not easy to do. I will definitely suggest that you explore WPA encryption once you're comfortable with WEP concepts. WEP itself is legacy and should never be used.

Queen245_goa Mon, 10/20/2008 - 02:42

Thanks alot Jeff.


You have certainly cleared my doubts with your good explanation and ofcourse you have been a great encouragement as well :)


later would like to explore how wep key is cracked and how wpa exncryption is done.

Any good arcticles for understanding are welcome ;0


Thanks once again.

keep up the good work you r doin.


Cheers!


jeff.kish Mon, 10/20/2008 - 05:08

Glad to help!


I don't think there are any good Cisco articles on cracking WEP (not that I've seen, at least), but there are PLENTY of articles on Google. Just search for "crack WEP" and you'll find more information than you every wanted to know.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode