Any progress on WPA/WPA2 support ?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Any progress on WPA/WPA2 support ?

Manolis Tzanidakis
Hello all and happy new year,
in the 3.9 -> 4.0 changelog (http://www.openbsd.org/plus40.html) I saw
this interesting entry:

  Implement the Michael MIC as defined in IEEE 802.11i for TKIP. This
  generates a weak 64-bit digest protected by an additional key -
  required for future IEEE 802.11i/WPA support.

Has there been any progress on WPA/WPA2 support yet ?

P.S.: I know that an IPSEC/OpenVPN-based solution is way more secure
than WPA, so please don't bother trolling about it.  

Best,

--
Manolis Tzanidakis
[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Any progress on WPA/WPA2 support ?

Reyk Floeter-2
On Sat, Jan 06, 2007 at 08:14:46PM +0200, Manolis Tzanidakis wrote:

> Hello all and happy new year,
> in the 3.9 -> 4.0 changelog (http://www.openbsd.org/plus40.html) I saw
> this interesting entry:
>
>   Implement the Michael MIC as defined in IEEE 802.11i for TKIP. This
>   generates a weak 64-bit digest protected by an additional key -
>   required for future IEEE 802.11i/WPA support.
>
> Has there been any progress on WPA/WPA2 support yet ?
>

yes, very very minimal progress. i implemented tkip during 23c3 and we
have some pending diffs... but this will take some more time because
it requires intrusive changes in the drivers and the net80211
framework. so far, nothing is commited yet. and again, we do not like
to import the free/netbsd wpa/wpa2 kernel implementation.

somebody wants to sponsor the development ;)?

> P.S.: I know that an IPSEC/OpenVPN-based solution is way more secure
> than WPA, so please don't bother trolling about it.  
>

please......

ipsec != openvpn.

wpa is important for basic network access in unfriendly enviroments
like universities or corporate wireless networks. i can see the point
now, so your request is totally ok.

but i do like to troll about mentioning ipsec and openvpn in one
word... argh... ;-).

reyk

Reply | Threaded
Open this post in threaded view
|

anyone join in and sponsor: Re: Any progress on WPA/WPA2 support ?

Didier Wiroth
----- Original Message -----
From: Reyk Floeter <[hidden email]>
Date: Saturday, January 6, 2007 21:54
Subject: Re: Any progress on WPA/WPA2 support ?
To: Manolis Tzanidakis <[hidden email]>
Cc: [hidden email]
> somebody wants to sponsor the development ;)?>
Hello,
It would be nice if misc@ would sponsor wpa intergration!
I'm sure other users are interested, wpa is really missing ;-(.

It is not that much but I would donate 100Euro, perhaps other users want to join.
Come on guys ... let's sponsor wpa
Kind regards
Didier

Reply | Threaded
Open this post in threaded view
|

Re: Any progress on WPA/WPA2 support ?

Manolis Tzanidakis
In reply to this post by Reyk Floeter-2
[20070106] Reyk Floeter <[hidden email]> wrote:

> yes, very very minimal progress.

thanks for the heads up.

> somebody wants to sponsor the development ;)?

I'd love to but I don't have enough money to sponsor myself :). Someone
else maybe ?

> > P.S.: I know that an IPSEC/OpenVPN-based solution is way more secure
                             ^^^
> ipsec != openvpn.

sure, nobody said that ipsec == openvpn...

> but i do like to troll about mentioning ipsec and openvpn in one
> word... argh... ;-).

damn, I should have wrote "or" instead of "/" or even better put openvpn
in a new sentence ;-).

--
Manolis Tzanidakis
[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: anyone join in and sponsor: Re: Any progress on WPA/WPA2 support ?

Nick Guenther
In reply to this post by Didier Wiroth
On 1/6/07, Didier Wiroth <[hidden email]> wrote:

> ----- Original Message -----
> From: Reyk Floeter <[hidden email]>
> Date: Saturday, January 6, 2007 21:54
> Subject: Re: Any progress on WPA/WPA2 support ?
> To: Manolis Tzanidakis <[hidden email]>
> Cc: [hidden email]
> > somebody wants to sponsor the development ;)?>
> Hello,
> It would be nice if misc@ would sponsor wpa intergration!
> I'm sure other users are interested, wpa is really missing ;-(.
>
> It is not that much but I would donate 100Euro, perhaps other users want to join.
> Come on guys ... let's sponsor wpa
> Kind regards
> Didier

I would too, but I remember a while back (but cannot find the message
now) Theo saying that WPA gives a false sense of security and that it
would never be implemented. He didn't explain why. Does anyone else
remember this?

-Nick

Reply | Threaded
Open this post in threaded view
|

Re: anyone join in and sponsor: Re: Any progress on WPA/WPA2 support ?

Ray Percival
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Jan 7, 2007, at 1:11 PM, Nick Guenther wrote:
<snip>
>
>
> I would too, but I remember a while back (but cannot find the message
> now) Theo saying that WPA gives a false sense of security and that it
> would never be implemented. He didn't explain why. Does anyone else
> remember this?

"The problem with this junk is not about security. It's about being
able to access them at all. It is becoming harder to find open  
networks because people are acting like this shit is secure. So you  
get WPA code, and voila, you can route out their nets. They think it  
gives them 'wire-security on wireless' -- but they still want it  
open. Ok, fine, so leave it open. You can't do real security with  
that WPA
junk."

Pretty sure that's what you're thinking of.
>
> -Nick
>

They do not preach that their God will rouse them a little before the  
nuts work loose.
iD8DBQFFoWcD5B7p9jYarz8RAg/0AJ9qcaMPOk9Wk3k+2bPLocSLG2mocACdFO+6
gQdaDOCMIVT14Tn/KU4SYPM=
=s/wB
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: anyone join in and sponsor: Re: Any progress on WPA/WPA2 support ?

Sam Fourman Jr.
In reply to this post by Nick Guenther
The only thing I ever read where theo says anything about WPA is in this article

http://kerneltrap.org/node/4818

Sam Fourman Jr.

On 1/7/07, Nick Guenther <[hidden email]> wrote:

> On 1/6/07, Didier Wiroth <[hidden email]> wrote:
> > ----- Original Message -----
> > From: Reyk Floeter <[hidden email]>
> > Date: Saturday, January 6, 2007 21:54
> > Subject: Re: Any progress on WPA/WPA2 support ?
> > To: Manolis Tzanidakis <[hidden email]>
> > Cc: [hidden email]
> > > somebody wants to sponsor the development ;)?>
> > Hello,
> > It would be nice if misc@ would sponsor wpa intergration!
> > I'm sure other users are interested, wpa is really missing ;-(.
> >
> > It is not that much but I would donate 100Euro, perhaps other users want to join.
> > Come on guys ... let's sponsor wpa
> > Kind regards
> > Didier
>
> I would too, but I remember a while back (but cannot find the message
> now) Theo saying that WPA gives a false sense of security and that it
> would never be implemented. He didn't explain why. Does anyone else
> remember this?
>
> -Nick

Reply | Threaded
Open this post in threaded view
|

Re: Any progress on WPA/WPA2 support ?

Christian Ney
In reply to this post by Reyk Floeter-2
Hey, that's great news indeed!

I'd also be willing to throw in a few bucks for a working WPA
implementation. Reyk, what would you think is needed?

Cheerio,
Chris

Reply | Threaded
Open this post in threaded view
|

Re: anyone join in and sponsor: Re: Any progress on WPA/WPA2 support ?

Didier Wiroth
In reply to this post by Nick Guenther
Nick Guenther wrote:
>
> I would too, but I remember a while back (but cannot find the message
> now) Theo saying that WPA gives a false sense of security and that it
> would never be implemented. He didn't explain why. Does anyone else
> remember this?
>
> -Nick

Hello,

I'm certainly not a security expert to discuss if it is secure or not.
For me, the thought was that it is more an accessibility feature.
It is getting difficult to find non WPA enabled networks at different
places. I'm not able nor qualified to say WPA is secure or not ...

This is another discussion, but some features like this one, could,
perhaps, be sponsored via some kind of "user-funded development/features".

I have been reading articles and I understood that the openbsd
developers don't want to get told what they have to do or not. I really
do respect and understand this attitude.
BUT ;-), it would be nice if they "officially" have some kind of user
sponsored stuff that is not on top of "their" priority list or requires
more money/hardware. If user wants these specific features they are able
to sponsor it, by making "more" donations for a specific feature.

For example:
a) APCI (actually there have been a lot of development lately ... it is
only a sample ;-))
b) WPA
c) etc ....

I can only talk for me. I hope this won't start some kind of flaming
thread.
I actually make donations (money / hardware) from time to time and I
don't expect any specific features and I'm ok with that.

If there were some user sponsored features. The developers would decide,
"ok if the user want this", they can get it faster by sponsoring it.
This features requires for example 10.000 dollars or 2 laptops and 3
servers, you can donate here https://https.openbsd.org/xyz" where you
would have for example "wpa donation" or "acpi donation" etc ...

Of course, when the money or the hardware is available to the developers
their would be "no" time frame to release it. It would get in the cvs
tree when it's ready.

May be users would spend more and even regularly. I would actually
"WITHOUT" stopping other donations via (CDs, shirts or (neutral) ;-)
money donations).

Kind regards,
Didier