CentOS 5.4 + WPA2 = Frustration

[Stereodude]

So I got my Intel 5100 Wireless LAN card tonight. I put it in my Atom330 / ION Mini-ITX system. I followed the guide on the 5100 and starting the NetworkManager Service.

Unfortunately, I can't connect to my wireless network. I can see my network as well as my neighbors', but I can't connect to mine. I use WPA2 encryption and a 63 character key. I can connect to my wireless network if I disable security, but not with WPA2 enabled. I did a copy and paste on the key, so I know it's entered correctly (and I tried it more than once). I know the MAC address is entered in the access restriction filter correctly since it worked with the security key disabled, but the MAC filter still enabled.

Any ideas?

 

[time]

Is it possible the driver is actually only supporting WPA rather than WPA2?

Are you using TKIP or AES encryption?

Have you tried entering 64 hexadecimal digits instead, to stop the 256-bit key being calculated?

 

[Mercutio]

Try using a shorter key. See if it works.

 

[Stereodude]

I tried using WEP and it worked fine. I also tried WPA with no luck.

I'm using AES. I also tried TKIP with no change.

However, I took Merc's advice and tried a shorter key of mytestkey and it worked fine.

 

[Stereodude]

Well, I'm not entirely sure what the problem was / is. It doesn't like a 63 character key, but a 62 character key (with the last letter removed) works fine. I doesn't even look like it attempts to connect with a 63 character key. With shorter key it's got a little animated icon that runs while it tries to connect. With the 63 character key that animation doesn't happen and nothing happens.

Edit: It looks like I'm not the only person to find this problem. link

 

[Stereodude]

So, a patch is listed here. How where do I get / how do I apply the "rh532723-long-psk-fix.patch" patch to my CentOS install?

 

[Handruin]

Do you really need the 63rd character. It sounds like you already went above and beyond!

 

[LunarMist]

Do you really need the 63rd character. It sounds like you already went above and beyond!

Is that many necessary? What happens if 36 are used?

 

[ddrueding]

Is that many necessary? What happens if 36 are used?

It only takes 100TB of intercepted data to crack instead of 300TB....or something to that effect.

 

[timwhit]

So, a patch is listed here. How where do I get / how do I apply the "rh532723-long-psk-fix.patch" patch to my CentOS install?

You would need to get the source. Apply the patch, which looks like it changes 1 line of code and then rebuild the package. Not worth it in my opinion.

Or you could just change your key and wait for the next release, which will most likely fix the problem.

 

[time]

Try using a shorter key. See if it works.

Given that he was using the maximum, and he only had to reduce it by one, this makes you look eerily omniscient.

 

[Mercutio]

Given that he was using the maximum, and he only had to reduce it by one, this makes you look eerily omniscient.

It's really easy, when you're writing code that handles strings like that, to mess up the string length someplace. I wouldn't think somebody working on a driver like that might do it, but I know I screwed it up enough times when I was an undergrad.

Also, how many people actually use a 63-digit passphrase?

 

[Will Rickards]

I tried to use one. But certain devices didn't like it.

 

[Adcadet]

How many people use a passphrase other than their pets name or the same name as their SSID? Around here I'm guessing the answers is just a few, thanks to my IBMer neighbors.

 

[ddrueding]

I use a massive, randomly-generated string. Around 48 characters.

 

[Mercutio]

Mine is only 19 characters long. I doubt I'm particularly insecure.

 

[Handruin]

Mine is probably 9 characters. Unless if someone manually guesses it, does it make much difference from a hacking point of view? Meaning will it take 15 times longer to crack your 19 character pass phrase vs my 9?

 

[Mercutio]

I doubt it.
And the only thing they'd get out of having my passphrase is access to my internet connection, which is kind of pointless since mine is being used quite heavily and my neighbors mostly have open APs.

I guess if I didn't have security applied to my shared files, I'd probably have some cool stuff, you wouldn't be able to tell that just from my wirelesnetwork.

 

[Stereodude]

Hey, I like my 63 character WPA2 key.

This is the first time I've had a problem with any device not accepting it. I've used it on about 7 PCs (all running Windows). Since this Linux box isn't going to sit on on my network long term it doesn't really matter. I'll plug it in while I get it working and not worry about the wireless. It'll work fine where it will eventually sit since the WPA key there is only 32 characters long.

 

[LunarMist]

How much difference does it make anyway? If the government wants your illegal files, they can produce a search warrant.

 

[Stereodude]

WPA2 doesn't have anything to do with files. It has to do with network traffic.

 

[MaxBurn]

They are just discussing that a network key is only a part of the security breach in getting to data.

 

[Howell]

I don't have a wireless key. I restrict by MAC. I don't like the performance penalty and incompatibilities of security keys.

 

[ddrueding]

I know MACs aren't difficult to spoof, and I'm pretty sure that your traffic is passing through the air unencrypted...

 

[Mercutio]

Also, it's trivially easy to change a MAC address.

 

[Howell]

That's the price you pay.