Using WEP (Wired Equivalent Privacy) for authentication and encryption

WEP can be used for both authentication and privacy with your wireless network. Authentication is a required precursor to allowing a station to associate with an access point.

The IEEE 802.11 standard defines the following types of WEP authentication:

Open system authentication
The client is always authenticated with the WAP (i.e. allowed to form an association). Keys that are passed into the client aren't checked to see if they're valid. This can have the peculiar effect of having the client interface go "active" (become associated), but data won't be passed between the AP and station if the station key used to encrypt the data doesn't match that of the station.
Note: If your WEP station is active, but no traffic seems to be going through (e.g., dhclient doesn't work), check the key used for bringing up the connection.
Shared key authentication
This method involves a challenge-response handshake in which a challenge message is encrypted by the stations keys and returned to the access point for verification. If the encrypted challenge doesn't match that expected by the access point, then the station is prevented from forming an association.

Unfortunately, this mechanism (in which the challenge and subsequent encrypted response are available over the air) exposes information that could leave the system more open to attacks, so we don't recommended you use it. While the stack does support this mode of operation, the code hasn't been added to ifconfig to allow it to be set.

Note that many access points offer the capability of entering a passphrase that can be used to generate the associated WEP keys. The key-generation algorithm may vary from vendor to vendor. In these cases, the generated hexadecimal keys must be used for the network key (prefaced by 0x when used with ifconfig) and not the passphrase. This is in contrast to access points, which let you enter keys in ASCII. The conversion to the hexadecimal key in that case is a simple conversion of the text into its corresponding ASCII hexadecimal representation. The stack supports this form of conversion.

Given the problems with WEP in general, we recommend you use WPA / WPA2 for authentication and encryption where possible.

The network name can be up to 32 characters long. The WEP key must be either 40 bits long or 104 bits long. This means you have to give either 5 or 13 characters for the WEP key, or a 10- or 26-digit hexadecimal value.

You can use either ifconfig or wpa_supplicant to configure a WEP network.

If you use ifconfig, the command is in the form:

ifconfig if_name ssid the_ssid nwkey the_key

For example, if your interface is abc0, and you're using 128-bit WEP encryption, you can run:

ifconfig abc0 ssid "corporate lan" nwkey corpseckey456 up

Once you've entered the network name and encryption method, the 802.11 network should be active (you can verify this with ifconfig). In the case of ad hoc networks, the status will be shown as active only if there's at least one other peer on the (SSID) network:

ifconfig abc0 
abc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 
    ssid "corporate lan" nwkey corpseckey456
    powersave off
    bssid 00:11:22:33:44:55 chan 11
    address: 11:44:88:44:88:44
    media: IEEE802.11 autoselect (OFDM36 mode 11g)
    status: active

Once the network status is active, you can send and receive packets on the wireless link.

If you use wpa_supplicant, you need to edit a configuration file to tell it what you want to do. For example:

network = {       
  ssid = "corporate lan"      # The Wi-Fi network you want to associate to.
  key_mgmt= NONE              # NONE is for WEP or no security.
  wep_key0 = "corpseckey456"  # Most of the time, you may specify a list
                              # from wep_key0 to wep_key3 and use
                              # key index to specify which one to use. 
}

Then you may run:

wpa_supplicant -i abc0 -c your_config_file

By default, the configuration file is /etc/wpa_supplicant.conf. Alternatively you may use wpa_cli to tell the wpa_supplicant daemon what you want to do. To complete your network configuration, see "Client in Infrastructure or ad hoc mode" in the section on TCP/IP interface configuration.