Re: NM and WEP

[Patton Echols <p echols comcast net>]

On 06/04/2007 06:12 PM, Dan Williams wrote:
> On Sun, 2007-06-03 at 02:06 -0700, Patton Echols wrote:
>   
> > Sry if this reposts.  Having mail trouble here so trying again.
> >
> > On 05/31/2007 02:16 PM, Dan Williams wrote:
> >     
> > > On Thu, 2007-05-31 at 17:25 +0000, Volker Braun wrote:
> > >   
> > >       
> > > > Your WEP password is wrong. A glaring design flaw of WEP is that it does 
> > > > not give any feedback on whether the password is correct or not. 
> > > >     
> > > >         
> > > Right; NM basically has to try to run DHCP and (after 40s) timeout the
> > > connection attempt, because there's no indication that the key is wrong.
> > >
> > >   
> > >       
> > Well, the scenario is this:
> >
> > The A.P. is at a coffee shop that is selected by other folks for 
> > meetings. They provide "free" access, but use WEP to keep folks from 
> > parking in their lot, using their connection and not coming in to buy 
> > coffee. When you buy coffee, they have a stack of slips on the counter 
> > with the current password. It is not designed for real security, just to 
> > be enough of a hassle so that people will actually come in the store. 
> > The point of this background is that the passwords are easy: Like 
> > "h0t-m0cha" and they are written down, so easy to key in correctly. 
> > Finally, as I said in the original post, when I boot to WinXP, feed it 
> > the password, it works just fine.
> >     
> > > Be _sure_ you have the right type of passphrase.  The other flaw in WEP
> > > is that there are 3 key lengths (40, 104, and 152 bit) and 3 different
> > > passphrase hashes (hex, ascii, and passphrase).  
> > >       
> > Ok, I saw the place to select the hash on the passphrase dialog, but I 
> > thought it was just looking for eg; a hex passphrase. In which case a 
> > passphrase with a "t" or "m" would not work. Could I use the example 
> > above if I switched to hex or ascii?
> >
> > I don't remember seeing a choice of key length. Is that in the same 
> > dialog? Or do I change that setting elsewhere. If NM defaults to 104 
> > bit, I can imagine a failure because the philosophy of what they are 
> > trying to do is minimal security.
> >     
> > > There's also the Open
> > > System and Shared Key auth methods.  You must get all of those correct,
> > > otherwise the connection will not succeed.
> > >   
> > >       
> > And no way to get the AP to tell you the combo it is looking for? How 
> > does windoze do it then? It seems to work there :-(
> >     
>
> No, there is no way with WEP.
>
> It works on Windows XP/2000 because the only entry type is "Hex Key";
> there isn't even a choice for Passphrase or anything else.  You can only
> do actual passphrases with vendor driver utils from D-Link, Linksys,
> etc.  That said, having to present a choice between 3 different kinds of
> key types really sucks.
>
> If the key you're given is 10 or 26 characters long, and only includes
> the the numbers 1 - 9 and letters a - f, then it's almost certainly a
> Hex Key, not a passphrase.
>
> Dan
>   
Well, no great surprise here, Dan was exactly right.  My example of a 
passphrase of "hot-mocha" must have been a bad memory, 'cuz that can't 
be a hex key.  When I went back, the new passphrase was the shop's phone 
number -- (I really don't know why they bother!) entered as hex and 
worked fine.

This raises a good point, I think.  If faced with a situation like this, 
where given a WEP passphrase but not the type?  Assume hex unless it 
clearly is something else.

Dan, and everyone else who answered, thanks for the insight.  I 
appreciate it.

Patton