Re: Please add SAE support for WiFi

From: Dan Williams <dcbw redhat com>
To: Robert Moskowitz <rgm htt-consult com>
Cc: networkmanager-list gnome org
Subject: Re: Please add SAE support for WiFi
Date: Fri, 16 Dec 2011 11:19:27 -0600

On Fri, 2011-12-16 at 11:36 -0500, Robert Moskowitz wrote:
> The 802.11s standard is now published.  Boy did that take long enough!  :)
> 
> There is a new password authentication method in 11s that the way it was 
> defined will work just fine between an AP and STA, or in adhoc between 
> two STAs.  This method is called "Secure Authentication of Equals" or 
> SAE.  It is a zero-based knowledge authenticaiton method that is immune 
> to offline attacks and an active attack gets only one guess per attack.  
> SAE is defined in Section 8.2a of 802.11s-2011.  It is already in the 
> OpenAP code (or so its author, Dan Harkins of Aruba told me).
> 
> We finally have a strong password authentication method for WiFi.  BTW, 
> I am the author of the first paper on how to attack WPA-PSK, so I am 
> directly involved in 802.11 security issues.
> 
> I would hope to see SAE in APs in the near future.

The process typically is to make sure that wpa_supplicant and the kernel
drivers support the feature in question, and then finally we can modify
NM to make use of it too.  I'll be on the lookout for SAE support
there...

Thanks,
Dan

Follow-Ups:
- Re: Please add SAE support for WiFi
  - From: Robert Moskowitz

References:
- Please add SAE support for WiFi
  - From: Robert Moskowitz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]