Re: home WPA-secured network -- as simple as possible
Matej Cepl <email@example.com> writes:
> Daniel Pittman wrote:
>>> I have decided that I would like to switch home network (just our two
>>> notebooks) to wireless and I would like to make it WPA-secured. Can
>>> anybody suggest the most simple WPA configuration using wpasupplicant,
>> psk="really secure"
>> Use WPA-PSK, aka WPA-Personal, and set your widget to broadcast the
>> SSID. Bingo, as simple and secure as possible.
> So, I have tried your advice, but without success (two computers did not
> seem to see each other). After some digging into the dmesg output on
> both computers I found this.
> The first computer uses internal Wi-Fi card (PCI ID 14e4:4318 (rev 02), aka
> Broadcom Corporation: Unknown device 4318 (rev 02)) and when ndiswrapper is
> used it gives this in dmesg:
...oh. This could very well be your problem: NDISwrapper is a nasty
hack to load Windows binary drivers under Linux. Support for various
features, such as WPA, is ... spotty, as I understand it.
> The other computer has PCMCIA Orinoco card which identifies itself as:
I believe that the supplied in-kernel driver may not support WPA
properly. You may want to try the "HostAP" driver for the card instead,
and possibly need to upgrade to a more recent firmware.
If I identify which card this is correctly, of course.
> 1) Agere driver has to be downloaded and wpasupplicant recompiled
> 2) The only encryption mode supported by both cards seems to be WEP (and
> even then I am not sure, whether my PCI Card supports 104 key). Is it
> possible to use it in Ad-hoc mode? Is it possible to use it with
> wpa_supplicant (README claims, that wpa_supplicant supports "key management
> for CCMP, TKIP, WEP104, WEP40"; what's that)?
Well ... CCMP and TKIP are ways to manage WEP keys using an automatic
rekeying process. They allow older hardware that /doesn't/ support the
AES encryption that WPA needs in hardware/firmware to participate in a
WPA based network anyway.
They are used to rotate WPA keys on a regular basis (usually, every 5
minutes), so that people can't break in. :)
WEP104 and WEP40 are the strong and weak WEP variants. The 104 and 40
are sometimes advertised as 128 and 56 (or 64) bit keys, but of those
bits, some are exposed, giving an actual *secret* key length of 104 or 40
>> Set wpa_supplicant to start at boot, tell it to use your wireless
>> interface, and to wait until it is available, and it should just
> When trying wpa_supplicant on command line (i.e., in foreground), should I
> ifup the interface or only after wpa_supplicant succeeds (which hasn't
> happened yet :-))?
You can ask wpa_supplicant to wait until the interface is up, and you
may need to tell it the right sort of method for talking to the card.
The documentation that came with it is the best source of this
If I had realized that you wanted to use NDISwrapper with the card I
would have suggested that there may be issues. Also, as noted, you may
need a newer driver or firmware for the Orinoco card to enable WPA
Basically, if new enough the firmware will pass some additional
data through to the kernel, allowing wpa_supplicant and the driver
to do the WPA encryption.
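For the WPA-PSK setup discussed in this thread, here is an added example (not code from either poster or from the wpa_supplicant project) that derives the 256-bit pre-shared key from a passphrase and SSID and renders a minimal `network` block, so the config file holds the derived key rather than the passphrase. The function names are hypothetical and the sample passphrase and SSID are constructed values.

```python
import hashlib


def derive_psk(passphrase: str, ssid: bytes) -> str:
    """WPA-PSK derivation: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)
    return key.hex()


def format_ssid(ssid: bytes) -> str:
    """Quoted string when safe, otherwise the unquoted hex form wpa_supplicant accepts."""
    text = ssid.decode("ascii", errors="replace")
    safe = all(32 <= b <= 126 for b in ssid) and '"' not in text and "\\" not in text
    return f'"{text}"' if safe else ssid.hex()


def network_block(passphrase: str, ssid: bytes) -> str:
    """Render a minimal WPA-PSK network block holding the derived key, not the passphrase."""
    return "\n".join([
        "network={",
        f"\tssid={format_ssid(ssid)}",
        "\tkey_mgmt=WPA-PSK",
        f"\tpsk={derive_psk(passphrase, ssid)}",
        "}",
    ])


if __name__ == "__main__":
    # Constructed sample values (the IEEE 802.11i test-vector pair), not from the thread.
    print(network_block("password", b"IEEE"))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and the derived key must be regenerated if the SSID changes.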