Re: WPA2 password problem



On 09/17/2010 04:27 AM, Marc Herbert wrote:
>> My current paranoid theory is that the M$ setup CD configures the
>> WPA2 with a binary key, derived from the passphrase by a proprietary
>> password hash that only Windows uses.
>
> Interesting... It should be possible to prove this "two hash
> functions" theory from packet captures: some of them should show TWO
> connection attempts, the first attempt _failing_ with the mismatched
> hash function. Note that I said "some captures": the first hash
> function tried by Windows could well be the correct one by chance and
> then you will not see anything unusual. Then you need to capture
> against the other AP style.
>
> Please keep us updated.
>
> Note: as a lesser sin, maybe Windows just implemented some hash before
> the WPA standard was completed and then left it there. Just a wild
> guess...

I have not been able to do all the tests requested; the AP owner is a working college student and very busy. However, resetting the AP and configuring via the web interface (instead of the Windows CD) with the same protocol (WPA2 Personal) and same passphrase allows all Mac/Linux boxes to immediately work, while the Windows PCs also continue to work. This proves to my satisfaction that there are two hashes, and the Windows Setup CD configures a key using the Windows-only hash. I did get nm-tool output and logs from the Windows setup as requested here. They are exactly the same as simply putting in the wrong passphrase on the web setup. I can post them if there is any interest. The problem can be reproduced by running the Windows Setup CD again if anyone is gathering evidence.

The router model is WRT54G2. The Setup CD wasn't handy when I was there last, but if they find it again I'll post the exact version. I also plan to get a packet trace of Windows connecting to the new standard Wifi just in case it tries the Windows hash first :-) (I can do that remotely when the Fedora laptop is there.)

The Setup CD uses a new protocol called WPS. Perhaps WPS allows setting the actual key rather than a passphrase, enabling the nefarious behaviour.

In any case, the gambit backfired, since the college students love their iPhones, and having them not work with the Wifi made it clear in their minds who the villain was (whereas when Fedora/Ubuntu/Macbook didn't work they were just "fringe" operating systems, and inferior to Windows). :-)
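
Added example, not part of the original post: a way to check a key read back from an AP against the passphrase its users type, using the standard WPA/WPA2-Personal passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output). The function names are hypothetical; the sample SSID and passphrase are the IEEE 802.11i test vector, and the "AP key" is constructed for the demonstration.

```python
import hashlib
import hmac
import string

def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Standard passphrase-to-PSK mapping for WPA/WPA2-Personal."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase yields a different
    # key on a network with a different name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def classify_credential(value: str) -> str:
    """Tell a typed passphrase apart from a raw 256-bit key in hex."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return "raw-psk"      # used directly, never hashed
    if 8 <= len(value) <= 63 and all(32 <= ord(c) <= 126 for c in value):
        return "passphrase"   # run through wpa2_psk() by each client
    return "invalid"

def key_matches_passphrase(ap_key_hex: str, passphrase: str, ssid: str) -> bool:
    """True if the AP's raw key is what clients derive from the passphrase."""
    derived = wpa2_psk(passphrase, ssid)
    return hmac.compare_digest(bytes.fromhex(ap_key_hex), derived)

if __name__ == "__main__":
    ssid, passphrase = "IEEE", "password"       # 802.11i test vector inputs
    good_key = wpa2_psk(passphrase, ssid).hex()
    other_key = "00" * 32                        # constructed: unrelated raw key
    print("derived PSK:", good_key)
    for label, key in (("web-configured", good_key), ("unrelated", other_key)):
        verdict = key_matches_passphrase(key, passphrase, ssid)
        print(f"{label:15s} {classify_credential(key)} matches={verdict}")
```

If an AP's stored key does not match the value derived from the passphrase and SSID, clients that apply the standard mapping to that passphrase will fail the handshake just as they would with a wrong passphrase.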
