8.2.1 WPA testing

Javier Cardona javier at cozybit.com
Mon Mar 2 13:39:10 EST 2009

Hi Chris,

On Sun, Mar 1, 2009 at 4:08 PM, Chris Ball <cjb at laptop.org> wrote:
> I've been working on trying to quantify the difference in WPA behavior
> between 8.2.0 and 8.2.1.
> (...)
> Failures leave the string "Activation (eth0/wireless): disconnected
> during association, asking for new key" in /var/log/messages.  A second
> type of failure is seen only on 8.2.0, namely "Unhandled network
> capabilities 10000001"; this bug is fixed in 8.2.1, and was not included
> in the totals below.

There were a number of timing problems between the driver,
wpa_supplicant and NM, and the "Unhandled network..." was one of them.
See #8667 and #8799 for more details.  The patches submitted for
those tickets addressed some of the problems, but not all.

In addition to this, there are two important wireless fixes in 8.2.1:
#7825 and #9048.  The first one is a failure to associate to "fast"
Access Points when WPA is enabled.  This was a serious problem, making
it impossible (not just unreliable) to associate with certain AP
models.  The second problem was causing packet loss while scanning,
something the XO does quite frequently.

> Conclusion:
>  For this particular bug (being asked to re-enter the WPA passphrase
>  at connection time), with the particular WPA access points at 1cc, we
>  already had sporadic failures as of 8.2.0.  8.2.1 appears to make them
>  slightly worse, perhaps suggesting a widening of a race condition in
>  the newer driver or wireless firmware.  We already know installing
>  WPA keys to be time-critical:  see relevant recent commits ¹ and ².

I would suggest comparing the two versions with different AP models.
For instance, with the D-Link WBR-2310 you will see a huge improvement
when using 8.2.1.

> Advice:
>  We should not claim reliable WPA support in 8.2.1.

Agreed.  However, I believe you can claim reliable WPA2 support, as
the WPA2 handshake doesn't have this timing vulnerability.
I have not tested extensively, but my experience was that WPA2 was very reliable.



Javier Cardona
cozybit Inc.

