WEP Keys in Mac OS X?

antmo asks: "Mac OS X doesn't allow you to specify which WEP key index (1-4) one wishes to use, via the Network preferences. This causes me much pain, since my employer's wireless network uses a key index other than 1. I know the AirPort card allows for this, as I am able to set all four keys in Open BSD and Debian Linux. I don't know whether this is a limitation of Mac OS X's AirPort driver or simply the preferences. I've looked all over the net, posted to many discussion forums (since March of this year), done quite a bit of tinkering with the config files and still don't have a clue how to, if possible, set which key index to send. I have not heard a thing from Apple about this, which leads me to believe they're not going to add this ability. Does anyone know whether a fix from Apple is forthcoming? Anyone know a hack to get this working?"

Re:Huh?

[antmo]

That is the WEP key, not the index.

128bit WEP easy

[jpt.d]

You need to enter the key with a $ prepended to it and using the hex. Think of hex and pascal. I have never tried 64 bit WEP.

Re:128bit WEP easy

[antmo]

No, not the WEP key. The WEP key index.

in my experience...

[linuxpng]

I've set which WEP key to use in my linksys WAP. I forced it on key 1. I then took the hex key it gave me and put that in for the password in the wireless network. For some reason I can't use the passphrase and let it adjust. Hope this helps, it works for me at least.

Clearly a disconnect, let me rephrase...

[antmo]

An 802.11b network, using WEP, allows for 4 separate WEP keys to be defined. You can then choose, within the WAP, which one you want your network clients to use/send. Think of it as part if the key. MacOSX's network configuration for the airport card, will only allow you send whatever WEP key you entered, as key index 1. If your WAP is setup to expect key index 2, 3 or 4, regardless of what the password is (could be the same for all 4 keys), it will not accept your WEP key. You must send the index which the WAP is configured to expect, along with the key.

Re:Clearly a disconnect, let me rephrase...

[Myxx]

It's an obvious troll. Don't sweat a troll; they smell bad enough as it is. Turns out that most people will do the worst things when they know they wont get caught. That's why they are AC.

What to do

[GoRK]

There are 4 keys because they can be *rotated* ... only one is active at any time. If the index is set at #3 on your AP and key number three is 1234ABCDEF, then a computer set to use the key 1234ABCDEF will work. Forget the key index. It has little to do with anything unless you actually rotate your keys.

Except that the wireless card sends it...

[hackwrench]

and the AP doesn't have to ignore it, and it would seem antmo's doesn't

Re:What to do

[Piquan]

Sure it does. You say that "only one is active at any time", but that's not the whole story, at least not network-wide.

For example, client A may be sending key 1, client B sends key 2, and the AP sends using key 3. (This is exactly what happens at my home: the AP uses key 1, one computer uses a different static key, and the rest randomly rotate each time they attach.)

The clients need all the keys, so that they can read all the data they're getting. The question of which one is "active" refers to one transmitter, not the whole network.

So, now comes the question: if you have to decrypt using any key, how do you know which one to use? It seems that 802.11 sends an index of "which key am I sending with", so that the recipient can read it. That's why the key index matters.

open source driver

[hayne]

I haven't tried this myself, but the open source driver available at http://wirelessdriver.sourceforge.net/index.html [sourceforge.net] does seem to allow you to configure which "keyslot" your WEP key goes in. And the FAQ says that this driver "is compatible with and can co-exist with Apples Airport driver". So that might be a solution to your problem.

By the way, this is a real issue, contrary to what a lot of the posters on this thread seem to think - the best explanation of the "key index" I have found is in the PDF file at http://www.practicallynetworked.com/downloads/Othe r/tb-027.pdf [practicallynetworked.com]

Re:New hardware on apple.com?

[BiOFH]

Works fine here. Don't look for any new PBs until January at least.

Multiple WEP keys not Wi-Fi compliant

[cspiff]

FYI, the Wi-Fi certification testing only tests one key at a time, in slot 1 (that's slot 0, if you count like a good C programmer). There are many things that the 802.11 specs allow, that are nevertheless outside of what Wi-Fi certifies. This is one of them.

Let your sysadmin know that s/he's configured the network in a non-Wi-Fi-compliant manner, and maybe s/he'll see the light.

FYI this ain't got nothin to do with...

[BiOFH]

$ precedent, quotation or how you set you WAP.

He ___cannot___ change the AP and it's not even vaguely related to key size or interpretation of the key by the AP.

So... please... no more posts about the above.

And, sorry antmo, I don't know. I haven't seen any notes on this anywhere. My theory would be that it didn't hit high enough on the bug list ("does our wap work? ok, then skip it for now").

So how can I do WEP with a non-Apple access point?

[Offwhite98]

In my case I have snow iBook and an airport card, which apparently just some toshiba hardware with an Apple label. The problem is that it prompts for a network name and password. I can configure my Netgear access point to do WEP, but how do I do that with my little iBook? Do I just copy/paste one of the segments or all of the segments into the password field?

A better question would be, why is Apple being such a pain about this? I should be able to connect my airport card to base stations with WEP, just as 802.11b specifies. It seems like an interface bug.

A list of instructions would be very helpful. Posting a screenshot of the login prompt would be even better.

Re:So how can I do WEP with a non-Apple access poi

[Anonymous Coward]

Hmm, this really isn't difficult. Select your AP from the menu. If it uses WEP, the Mac will ask for your WEP key. (it calls it a password...)

You used to have to put ASCII keys in quotes or preceed hex keys with a dollar sign, but in Jaguar there is a menu where you select the type of key ("password") you are entering. Sorry, no screenshot for you, you'll have to figure this out on your own... :)

Re:So how can I do WEP with a non-Apple access poi

[Offwhite98]

Thanks. The simple stuff always seems to be glossed over with more advanced discussions. I will look forward to setting up my WEP connection. I am not really worried about security, but would like to use it if possible. For about 4 months now my home network was done without encryption because OS X 10.1 did not make it clear how to run WEP. It would also be helpful if Netgear would provide some OS X instructions. From the reviews which I have read, the other network hardware companies do a good job of providing information for users of Apple hardware.

Perhaps I can make my own screenshot and save it on a website somewhere.

Boy the submitter has 1/2 the comments here

[MerlynEmrys67]

Wonder if it is time to mod this whole story down as -1 uninformative. If your environment won't support the tools that you need, it is time to change to an environment that will...

I don't even bother with WEP, WAY too easy to hack, that is why there are VPN applications that run on top of it...

Oh well, anyone that wants to rely on bad/wierdly configured security should expect trouble... Guess it is time to be modded down myself to -1 Troll...

WEP is broken...

[wirelessbuzzers]

There is little point to using WEP anymore. It may keep out people who know nothing about the software from accidentally connecting to your network, but if someone actually wants to spy on you or steal your bandwidth, they can just use AirSnort [shmoo.com] to break the encryption in seconds.

On the other hand, try convincing your boss of that...