Contributed by ray on from the one-small-step-for-reyk dept.
I just imported wpa_supplicant into the ports tree but it does _not_ support WPA; the wireless-specific functionality is disabled in OpenBSD because we still miss the required kernel support for it.
wpa_supplicant is a fully-featured implementation of an IEEE 802.1X port authentication client ("supplicant") which can be used to authenticate against wired Ethernet switches. Support for the wireless functionality is optional in wpa_supplicant; we don't use it yet.
WPA/WPA2/802.11i extends 802.1X to handle the additional dynamic key exchange, AP handling, roaming etc. in wireless networks. We may want to use the port later to work on WPA in the kernel, but we're also looking into other alternatives to implement the 802.1X-part of WPA.
By Peter N. M. Hansteen (pitrh) peter@bsdly.net on http://bsdly.blogspot.com/, http://www.bsdly.net/~peter/
I tend to get that question a lot, it almost looks like wpa in some places is a suits level requirement to get in the door.
Comments
By Anonymous Coward (70.173.172.228) on
>
> I tend to get that question a lot, it almost looks like wpa in some places is a suits level requirement to get in the door.
>
source changes shows a fair amount of work on kernel support for it.
Comments
By Peter N. M. Hansteen (pitrh) peter@bsdly.net on http://bsdly.blogspot.com/
Yes, I've noticed they're hard at work with the wireless, generating Great Expectations for 4.2 :)
By Anonymous Coward (85.178.84.61) on
WEP f.e. knows about several obscure Standards with different Keysizes up to 256Bit WEP.
OpenBSD unfortunately doesn't support 256Bit WEP (or I'm too dumb to enter such large keys correctly..) so will there be a familiar situation with WPA or is it more clearly defined?
Or could it be possible to expand the keysize for the current WEP Implementation up to 256Bit?
Btw: WPA uses AES so will a probably working OpenBSD AP with WPA speed up WPA using a crypto accelerator (VIA CPUs or others)? Would be cool :-)
Comments
By Anonymous Coward (81.217.26.122) on
256 Bit WEP is not an official standard. It's an extension like all the other misguided attempts to secure this encryption scheme.
> Are there also plenty of WPA-Standards?!
There is WPA, which is a subset of the official standard 802.11i or "WPA2" and 802.11i/WPA2 itself. Both have different means of encryption and authentication available, defined in their respective standards documents.
I have not seen the same uncontrolled growth of extensions which has happened to WEP.
Comments
By Anonymous Coward (85.178.106.245) on
>
> 256 Bit WEP is not an official standard. It's an extension like all the other misguided attempts to secure this encryption scheme.
>
> > Are there also plenty of WPA-Standards?!
>
> There is WPA, which is a subset of the official standard 802.11i or "WPA2" and 802.11i/WPA2 itself. Both have different means of encryption and authentication available, defined in their respective standards documents.
>
> I have not seen the same uncontrolled growth of extensions which has happened to WEP.
Thanks for pointing this out.
I got confused about WEP because of all those extension-foo.... :)
By Anonymous Coward (81.57.42.108) on
That's absolutely fantastically good news.
Even if plain working WPA for OpenBSD wouldn't be finished before two or three years from now, it's great to hear that someone cares enough about it to start investigating and adding the first bricks.
So we've now good hope that someday we'll be able to join all those (company|enterprise|public|...) wireless networks that we don't own nor administer, use our ISP provided WPA-locked Access Points, ... from our OpenBSD clients.
Comments
By Anonymous Coward (12.149.141.194) on
>
> That's absolutely fantastically good news.
>
> Even if plain working WPA for OpenBSD wouldn't be finished before two or three years from now, it's great to hear that someone cares enough about it to start investigating and adding the first bricks.
> So we've now good hope that someday we'll be able to join all those (company|enterprise|public|...) wireless networks that we don't own nor administer, use our ISP provided WPA-locked Access Points, ... from our OpenBSD clients.
>
Excellent news, indeed. Thanks to Reyk for the work and the update :)
By Maximilian Gass (80.130.187.74) on
I must admit that I don't like the idea of configuring WPA separated from other network stuff. It would be rather nice to do at least basic WPA-PSK with ifconfig - like WEP. I think that would fit with OpenBSD's simplistic approach ;-)
Maxx
By Wires all the way (86.91.41.86) on
So, never looked further into it, but as I understood, OBSD could also be used as a Wireless-AP, right? But not with WPA then? Or at least not until now and now this is something that is (now) worked on... or am I missing the point here completely? OpenBSD only WEP? That can't be true? WEP is $@!$@#...
I must be mistaken ?
regards
Wires
Comments
By Anonymous Coward (74.13.39.27) on
Comments
By Anonymous Coward (81.217.26.122) on
That's a matter of interpretation. The full 802.11i standard contains the authentication part, so whether Reyk or others will some day work on the encryption part or not, the committed code can very well be seen as "working on WPA", even if it might not be the final authentication code and the current code just helps to decide whether it's suitable or not.
By Anonymous Coward (81.217.26.122) on
You understood correctly,
> OpenBSD only WEP? That can't be true? WEP is $@!$@#...
but you look at it the wrong way. WEP support was developed when everyone was developing it for their operating systems. Back then, the weaknesses were not known, but when the first attack came along the manpages were updated to clearly state this weakness. It was not until recently (April) with the latest cracking method which allows to crack the key within some minutes (not hours as before) that WEP is completely and utterly void.
So it's not like the security-conscious OpenBSD team doesn't support anything other, because they feel WEP is secure. It's just that there was (almost) no development on WPA/WPA2 support before.
Who knows, maybe eventually WEP gets kicked out one day, like what happened with telnetd. Bearing this name, it could potentially do more harm than good in a novice's understanding.
So please don't see WEP as a feature in OpenBSD in the field of wireless encryption, but rather a remnant.
Comments
By Anonymous Coward (85.178.106.245) on
>
> You understood correctly,
>
> > OpenBSD only WEP? That can't be true? WEP is $@!$@#...
>
> but you look at it the wrong way. WEP support was developed when everyone was developing it for their operating systems. Back then, the weaknesses were not known, but when the first attack came along the manpages were updated to clearly state this weakness. It was not until recently (April) with the latest cracking method which allows to crack the key within some minutes (not hours as before) that WEP is completely and utterly void.
>
> So it's not like the security-conscious OpenBSD team doesn't support anything other, because they feel WEP is secure. It's just that there was (almost) no development on WPA/WPA2 support before.
>
> Who knows, maybe eventually WEP gets kicked out one day, like what happened with telnetd. Bearing this name, it could potentially do more harm than good in a novice's understanding.
>
> So please don't see WEP as a feature in OpenBSD in the field of wireless encryption, but rather a remnant.
Well telnetd was kicked out.. but was it the "right step"?
Let me tell you an example:
WEP is used in universities..and even more and more spread WPA-only WLANs so kicking WEP out would just mean that some people can't use OpenBSD again like it happened with telnetd.
Why would somebody use a telnetd?
Well some "old boxes" on universities provide telnet access to provide students the ability to acclimate to *NIX or learn shell commands.
So it's not used for "important" things like reading mails (at least not here).
Some years ago these servers were all OpenBSD Servers but because OpenBSD does not support telnetd anymore the OS was replaced by another because those old boxes can't handle "hundreds" of SSH-Sessions and they didn't want to buy new Hardware.
Well I personally ask myself who the fuck needs an identd enabled by default...
telnetd was never enabled by default.. so why not kicking out FTP as well because it's unencrypted and on OpenBSD the ftp-Password == account password?
Today I installed again an OpenBSD machine and it just sucks to always comment out the bullshit from the inetd.conf and then shut the inetd down completely...
Ok, I copied a modified inetd.conf but hell...
Why not banning this crap except of talking about removing WEP?
Your comment makes less sense to me brotha
Comments
By Anonymous Coward (203.65.245.11) on
Yes.
> WEP is used in universities..and even more and more spread WPA-only WLANs so kicking WEP out would just mean that some people can't use OpenBSD again like it happened with telnetd.
You know we're talking about the future, right? You know, a future where WPA/WPA2 is prevailing and WEP almost extinct.
> Some years ago these servers were all OpenBSD Servers but because OpenBSD does not support telnetd anymore the OS was replaced by another because those old boxes can't handle "hundreds" of SSH-Sessions and they didn't want to buy new Hardware.
Why would the OpenBSD team care about a university that is too cheap to buy a new box that can handle a few hundred ssh connections?
> Today I installed again an OpenBSD machine and it just sucks to always comment out the bullshit from the inetd.conf and then shut the inetd down completely...
Uh, if you're gonna shut inetd off completely you don't need to edit inetd.conf, just disable inetd in rc.conf.
> Ok, I copied a modified inetd.conf but hell...
> Why not banning this crap except of talking about removing WEP?
The developers aren't talking about removing WEP, non-developers are speculating that it might happen in the future.
By sthen (85.158.44.149) on
ohnono, it's exactly like the name implies. "wired equivalent privacy". Anyone who has access to the transmission medium can play games to get at the data.
Comments
By Anonymous Coward (129.12.200.49) on
By cAPTAIN^k (203.97.60.109) on
Keep in mind off the shelf hardware still only supports WEP (NO WPA!) eg. Nintendo DS handheld console...
By Dave (207.37.89.65) on
Comments
By Anonymous Coward (24.37.242.64) on
>
Regardless of those who don't like it or want it, there's others who do want it and need it (it's always nice to have more choice and options, even as an 'option') - so I'm in to donate more for this...
Comments
By Anonymous Coward (81.217.26.122) on
>
> Regardless of those who don't like it or want it, there's others who do want it and need it (it's always nice to have more choice and options, even as an 'option') - so I'm in to donate more for this...
Great, just hold this urge a little longer :-)
I talked to Reyk and he'd welcome sponsorship. He has a PayPal account and maybe for the Europeans under us, he reveals his bank account. I'm posting here as soon as I have all the details. Please check back soon.
But be aware, these are contributions with no strings attached. It buys you no rights to bug him every two weeks if it's already done. :-)
And please don't stop donating to the OpenBSD project itself.
Comments
By Timo Myyrä (87.192.85.251) on
Main reasons I use Linux on my laptop is the missing WPA-support and missing open source driver for my ATI Mobility X1400. X.org 7.3 should give a working driver for ATI so only thing missing then would be the WPA :)
By Anonymous Coward (81.217.26.122) on
Comments
By Anonymous Coward (81.217.26.122) on
http://www.openbsd-wiki.org/index.php?title=Fundraising:WPA
There's also a parent page for other potential projects: http://www.openbsd-wiki.org/index.php?title=Fundraising
By Anonymous Coward (216.68.198.57) on
Wireless world changes fast and has a lot coming, http://dailywireless.org, a good site.
Open non-NDA FULL documentation/specs/firmware distribution, etc, on wireless and some support from vendors, could help.
However OSS gets locked out of much wireless markets, grr, too bad for them, perhaps they might see the way.
Cheers.
By toxa (213.170.76.150) on
Comments
By Anonymous Coward (203.97.60.109) on
Would it be the fact that it is crackable?
Comments
By Anonymous Coward (213.170.76.150) on
>
> Would it be the fact that it is crackable?
AFAIK, only weak PSK version of first WPA edition (with weak EAP versions) is crackable.
WPA2-corporate (e.g. with RADIUS) is not considered to be crackable yet.
By Rich (195.212.199.56) on
Can someone explain why WPA needs kernel support? It seems fundamentally wrong that something like this needs support from the kernel. I suppose I'm answering my own question, but doesn't WPA just sit on top of the normal wireless protocol? I guess not.
Just comparing it with something like SSL/SSH - this doesn't need kernel support! ...or does it? :-)
R.
Comments
By Damien Miller (djm) on http://www.mindrot.org/~djm/
>
> Can someone explain why WPA needs kernel support?
Yes, the cryptography is performed at link layer.