Using WEP (Wired Equivalent Privacy) for authentication and encryption

Updated: April 19, 2023

Alert: WEP is no longer considered a secure protocol for Wi-Fi authentication and encryption and should not be used unless it's on an existing Wi-Fi network that can't be reconfigured to use another more secure mechanism. We recommend that you instead use WPA, WPA2, or WPA3 for authentication and encryption wherever possible.

The IEEE 802.11 standard defines the following types of WEP authentication:

Open system authentication
The client is always authenticated with the WAP (i.e., allowed to form an association). Keys that are passed into the client aren't checked to see if they're valid. This can have the peculiar effect of having the client interface go “active” (become associated), but data won't be passed between the AP and station if the station key used to encrypt the data doesn't match that of the AP.
Note: If your WEP station is active, but no traffic seems to be going through (e.g., dhclient doesn't work), check the key used for bringing up the connection.
Shared key authentication
This method involves a challenge-response handshake in which a challenge message is encrypted with the station's keys and returned to the access point for verification. If the encrypted challenge doesn't match what the access point expects, the station is prevented from forming an association.

Unfortunately, this mechanism (in which the challenge and subsequent encrypted response are available over the air) exposes information that could leave the system more open to attacks, so we don't recommend you use it. While the stack does support this mode of operation, the code hasn't been added to ifconfig to allow it to be set.

Note that many access points let you enter a passphrase that's used to generate the associated WEP keys. The key-generation algorithm may vary from vendor to vendor. In these cases, you must use the generated hexadecimal keys for the network key (prefaced by 0x when used with ifconfig) and not the passphrase. This is in contrast to access points that let you enter keys in ASCII. The conversion to the hexadecimal key in that case is a simple conversion of the text into its corresponding ASCII hexadecimal representation. The stack supports this form of conversion.

The network name can be up to 32 characters long. The WEP key must be either 40 bits long or 104 bits long. This means you have to give either 5 or 13 characters for the WEP key, or a 10- or 26-digit hexadecimal value. To use wpa_supplicant, you need to edit a configuration file to tell it what you want to do. For example:

network={
  ssid="corporate lan"        # The Wi-Fi network you want to associate to.
  key_mgmt=NONE               # NONE is for WEP or no security.
  wep_key0="corpseckey456"    # You can list up to four keys, wep_key0 to
                              # wep_key3, and use the key index
                              # (wep_tx_keyidx) to specify which one to use.
}

Then you may run:

wpa_supplicant -i abc0 -c your_config_file

By default, the configuration file is /etc/wpa_supplicant.conf. Alternatively, you may use wpa_cli to tell the wpa_supplicant daemon what you want to do. To complete your network configuration, see Client in infrastructure or ad hoc mode in the section on TCP/IP interface configuration.
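
The key formats described above can be checked before they reach ifconfig or wpa_supplicant. The following Python sketch is an added example, not part of the original documentation: it accepts a 5- or 13-character ASCII key or a 10- or 26-digit hexadecimal key, rejects anything else (such as a vendor passphrase), and produces the 0x-prefixed form and a network block. The function names are hypothetical, and wep_tx_keyidx is a wpa_supplicant option that doesn't appear in the configuration shown above.

```python
import string

HEX_LENGTHS = (10, 26)    # hexadecimal digits for 40-bit / 104-bit keys
ASCII_LENGTHS = (5, 13)   # characters for 40-bit / 104-bit keys


def wep_key_bytes(key: str) -> bytes:
    """Return the raw key for an ASCII or hexadecimal WEP key string."""
    if key[:2].lower() == "0x":
        digits = key[2:]
        if len(digits) not in HEX_LENGTHS or not _is_hex(digits):
            raise ValueError("0x key needs 10 or 26 hexadecimal digits")
        return bytes.fromhex(digits)
    if len(key) in HEX_LENGTHS and _is_hex(key):
        return bytes.fromhex(key)
    if len(key) in ASCII_LENGTHS and key.isascii() and key.isprintable():
        # Plain text-to-ASCII conversion; not a vendor passphrase algorithm.
        return key.encode("ascii")
    raise ValueError("WEP key must be 5/13 characters or 10/26 hex digits")


def _is_hex(text: str) -> bool:
    return all(c in string.hexdigits for c in text)


def ifconfig_key(key: str) -> str:
    """Hexadecimal form, prefaced by 0x, for use with ifconfig."""
    return "0x" + wep_key_bytes(key).hex()


def supplicant_network(ssid: str, key: str) -> str:
    """Build a wpa_supplicant network block with the key in hex form."""
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("network name must be 1 to 32 bytes long")
    if '"' in ssid or not ssid.isprintable():
        raise ValueError("network name cannot be written as a quoted string")
    return (
        "network={\n"
        f'  ssid="{ssid}"\n'
        "  key_mgmt=NONE\n"
        f"  wep_key0={wep_key_bytes(key).hex()}\n"
        "  wep_tx_keyidx=0\n"
        "}\n"
    )


if __name__ == "__main__":
    # Sample values are the ones used in the configuration example above.
    print(ifconfig_key("corpseckey456"), supplicant_network("corporate lan", "corpseckey456"), sep="\n")
```

A passphrase typed where a key is expected fails the length check instead of silently producing a key that doesn't match the access point.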