Re: if PA is hidden and client cannot see AP's ssid, what should put for wpa_passphrase?

On Wed, 2007-02-28 at 21:49 -0800, hong zhang wrote:
> Dan,
>  
> I look at my AP beacon and find two ucastcipher. One is tkip and
> another one is ccmp. I can not make it as only one ucastcipher
> ---tkip. I do not want to have ccmp.
>  
> Also, how to decide wpa_ie value?

Configure the access point to only support TKIP if you really want this.
But what are you trying to do here?  You should be using CCMP on all
stations if you can, but if you have any stations that do not support
CCMP, you want to use TKIP with those.  So you should probably have
_both_ CCMP and TKIP enabled on the AP.

It shouldn't matter to the station what cipher the AP uses.  The client
will just pick the one that both it and the AP support, and use that.
You shouldn't need to disable one.

To specify only TKIP in wpa_supplicant, you use:

pairwise=TKIP
group=TKIP

but if you're dealing with a hidden AP, you need to make sure that your
pairwise and group cipher options match _exactly_ what the AP says in
its information element, and therefore you'd want both TKIP and CCMP in
the wpa_supplicant config file.

Dan

> ---henry
> 
> Dan Williams <dcbw <at> redhat.com> wrote:
>         On Wed, 2007-02-28 at 12:42 -0800, hong zhang wrote:
>         > List,
>         > 
>         > wpa_passphrase requires ssidname and passphrase as input.
>         But if one
>         > client/station wants to associate an hidden AP. That means
>         client
>         > could not see AP's ssid name (empty). How can we run
>         > wpa_passphrase without ssid input and wpa_passphrase would
>         not work.
>         
>         You just have to know the SSID, even if the AP is hidden. You
>         cannot
>         connect to a hidden AP unless you know the SSID, so you'll
>         have the SSID
>         for the passphrase anyway.
>         
>         Dan
>         
>         
>         
>