# (SOLVED) What kernel options for wifi WEP support?

## Kasumi_Ninja

I am trying to connect my laptop to my wireless router. All works fine when any encryption is turned off on the router. However when I turn on WEP I can;t connect anymore. I suspect I 'forgot' to activate the right kernel options. Is this correct? and if so which kernel options do I need to turn on?Last edited by Kasumi_Ninja on Sun May 13, 2007 12:39 pm; edited 1 time in total

----------

## toralf

Don't use WEP - it's unsecure - use WPA instead (eg. net-wireless/wpa_supplicant)

----------

## Kasumi_Ninja

 *toralf wrote:*   

> Don't use WEP - it's unsecure - use WPA instead (eg. net-wireless/wpa_supplicant)

 

Thanks for the info   :Smile: . For testing purposes I like to test both. Do you happen to know what I should change in the kernel.

P.S. 

Nice avatar. Alf rocks  :Very Happy: 

----------

## toralf

Look for CONFIG_IEEE80211 (Networking -> Networking Options -> IEEE 802.11 WEP encryption (802.1x)

----------

## Kasumi_Ninja

 *toralf wrote:*   

> Look for CONFIG_IEEE80211 (Networking -> Networking Options -> IEEE 802.11 WEP encryption (802.1x)

 

I can't find it   :Crying or Very sad: 

```

  │                                                                                                                                                    │

  │ ┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐ │

  │ │                                     [ ] Network packet debugging                                                                               │ │

  │ │                                     <*> Packet socket                                                                                          │ │

  │ │                                     [ ]   Packet socket: mmapped IO                                                                            │ │

  │ │                                     <*> Unix domain sockets                                                                                    │ │

  │ │                                     < > PF_KEY sockets                                                                                         │ │

  │ │                                     [ ] TCP/IP networking                                                                                      │ │

  │ │                                     [ ] Security Marking                                                                                       │ │

  │ │                                     [ ] Network packet filtering (replaces ipchains)  --->                                                     │ │

  │ │                                     <M> Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)                                                        │ │

  │ │                                     < >   LAN Emulation (LANE) support (EXPERIMENTAL)                                                          │ │

  │ │                                     < > 802.1d Ethernet Bridging                                                                               │ │

  │ │                                     <M> 802.1Q VLAN Support                                                                                    │ │

  │ │                                     < > DECnet Support                                                                                         │ │

  │ │                                     < > ANSI/IEEE 802.2 LLC type 2 Support                                                                     │ │

  │ │                                     < > The IPX protocol                                                                                       │ │

  │ │                                     < > Appletalk protocol support                                                                             │ │

  │ │                                     < > CCITT X.25 Packet Layer (EXPERIMENTAL)                                                                 │ │

  │ │                                     < > LAPB Data Link Driver (EXPERIMENTAL)                                                                   │ │

  │ │                                     < > WAN router                                                                                             │ │

  │ │                                         QoS and/or fair queueing  --->                                                                         │ │

  │ │                                         Network testing  --->                                                                                  │ │

  │ │                                                                                                                                                │ │

  │ │                                                                                     
```

I also searched for WEP in .config all I could find was a bluetooth driver

```
# Bluetooth device drivers

#

CONFIG_BT_HCIUSB=m

CONFIG_BT_HCIUSB_SCO=y

CONFIG_BT_HCIUART=m

CONFIG_BT_HCIUART_H4=y

CONFIG_BT_HCIUART_BCSP=y

CONFIG_BT_HCIBCM203X=m

CONFIG_BT_HCIBPA10X=m

CONFIG_BT_HCIBFUSB=m

CONFIG_BT_HCIDTL1=m

CONFIG_BT_HCIBT3C=m

CONFIG_BT_HCIBLUECARD=m

CONFIG_BT_HCIBTUART=m

CONFIG_BT_HCIVHCI=m

CONFIG_IEEE80211=m

# CONFIG_IEEE80211_DEBUG is not set

CONFIG_IEEE80211_CRYPT_WEP=m

CONFIG_IEEE80211_CRYPT_CCMP=m

CONFIG_IEEE80211_CRYPT_TKIP=m

CONFIG_IEEE80211_SOFTMAC=m

# CONFIG_IEEE80211_SOFTMAC_DEBUG is not set

CONFIG_WIRELESS_EXT=y
```

----------

## Veldrin

What about this one....  :Wink: 

```
 Networking  --->

    ---     IEEE 802.11 WEP encryption (802.1x)
```

For some reason (I guess it my ipw2200) WEP is activated by default...

 *Quote:*   

> Don't use WEP - it's unsecure - use WPA instead (eg. net-wireless/wpa_supplicant)

  It can even used to define individual profiles for any number of AP-setups

cheers

V.

----------

## Kasumi_Ninja

 *Veldrin wrote:*   

> What about this one.... 
> 
> ```
>  Networking  --->
> 
> ...

 

Thanks! Wep was hidden under Generic IEEE 802.11 Networking Stack:

```
Networking  --->

 < >   Generic IEEE 802.11 Networking Stack 

  │ │                                     [ ]     Enable full debugging output (NEW)                                                                 │ │

  │ │                                     < >     IEEE 802.11 WEP encryption (802.1x) (NEW)                                                          │ │

  │ │                                     < >     IEEE 802.11i CCMP support (NEW)                                                                    │ │

  │ │                                     < >     IEEE 802.11i TKIP encryption (NEW)                                                                 │ │

  │ │                                     < >     Software MAC add-on to the IEEE 802.11 networking stack (NEW)      
```

What do you mean with your Wep security comment?

----------

## Veldrin

I was talking about wpa_supplicant. (I recently discovered this tool, and it simplifies wlan access at university; i.e no more vpn)

Somebody please correct the numbers, if they are wrong.

You need about 1000 packages to WEP encrypted traffic to crack the encryption. 

WEP is flawed by design: officially, it uses a 56-bit key, but for some reasons of convenience only 40 bits are used, and has a static key.

Compared to WPA which uses an AES encryption which has a key-length of at least 128 bits, 256 bits at most, and changes the key-pair every minute or so.

Doing the math: 

2^40 ~= 10^12 different keys

2^128 = 2^120 * 2^8 ~= 10^36 * 10^2 different keys

For simplicity assume that the WPA key has only 120 bits, or 3 times the length of the WEP key. Using brute force the time needed to crack the WEP encryption get cubed for the WPA: e.g 10 minutes for WEP --> 1000 minutes (16 houres) for WPA.

I hope helped more that I confused. 

cheers

V.

----------

## Kasumi_Ninja

 *Veldrin wrote:*   

> I was talking about wpa_supplicant. (I recently discovered this tool, and it simplifies wlan access at university; i.e no more vpn)
> 
> Somebody please correct the numbers, if they are wrong.
> 
> You need about 1000 packages to WEP encrypted traffic to crack the encryption. 
> ...

 

 :Shocked:  The bottom line; is wep sucks hard. Thank you very much for the careful explanation. 10 minutes for Wep is indeed crap. Do you know a good tool (in portage) to test the strength of my own wep encryption?

----------

## Veldrin

As I say, no guarantee for the numbers, but WEP cracking lies within a few minutes; provided you have the right tools.

As for checking the strength, I don't know of any tool. Try to change the key pretty often (once a week), if it is not to much of a hassle. Or try to add another layer of security, such as MAC filtering. 

cheers

V.

----------

## SpaceApache

 *Quote:*   

>  The bottom line; is wep sucks hard. Thank you very much for the careful explanation. 10 minutes for Wep is indeed crap. Do you know a good tool (in portage) to test the strength of my own wep encryption?

 

 *Quote:*   

> As for checking the strength, I don't know of any tool. Try to change the key pretty often (once a week), if it is not to much of a hassle. Or try to add another layer of security, such as MAC filtering. 

 

I haven't tried it yet as I am _very_ new to wifi networking (and can't figure out how to connect to my router with anything other than no encryption what-so ever, let alone WEP), but in my travels to find a solution to end my three day search on getting my Netgear WPN311 PCI card to work at all, I came across this package in the portage tree: "wepattack"

Thusly:

```
emerge -s wepattack

emerge -av wepattack
```

This also compiles with "john" in your USE flags to compile with johntheripper support

```
emerge -s johntheripper
```

For a touch more information.

Hope this helps your cause.

Nathaniel.

----------

## Kasumi_Ninja

 *SpaceApache wrote:*   

>  *Quote:*    The bottom line; is wep sucks hard. Thank you very much for the careful explanation. 10 minutes for Wep is indeed crap. Do you know a good tool (in portage) to test the strength of my own wep encryption? 
> 
>  *Quote:*   As for checking the strength, I don't know of any tool. Try to change the key pretty often (once a week), if it is not to much of a hassle. Or try to add another layer of security, such as MAC filtering.  
> 
> I haven't tried it yet as I am _very_ new to wifi networking (and can't figure out how to connect to my router with anything other than no encryption what-so ever, let alone WEP), but in my travels to find a solution to end my three day search on getting my Netgear WPN311 PCI card to work at all, I came across this package in the portage tree: "wepattack"
> ...

 

Kewl, thanks for your reply I will look into it. Currently I am stuck with wep, everytime I try to use wpa my system freezes   :Shocked: . Moreover I just can't get wpa_suppliant working with my rtl 8187 driver. Therefor I resorted to generating a secure wep password: https://forums.gentoo.org/viewtopic-p-4053565.html#4053565

----------

