Getting support for SAE for WiFi
Robert Moskowitz
rgm at htt-consult.com
Fri Dec 16 19:32:15 UTC 2011
On 12/16/2011 11:43 AM, Robert Moskowitz wrote:
> I requested this on the Network Manager list, but probably it has to
> be implemented a bit deeper than there....
>
> This list is probably the closest I am to developers of Fedora.
>
> The 802.11s standard is now published. Boy did that take long
> enough! :)
>
> There is a new password authentication method in 11s that the way it
> was defined will work just fine between an AP and STA, or in adhoc
> between two STAs. This method is called "Secure Authentication of
> Equals" or SAE. It is a zero-based knowledge authenticaiton method
> that is immune to offline attacks and an active attack gets only one
> guess per attack. SAE is defined in Section 8.2a of 802.11s-2011. It
> is already in the OpenAP code (or so its author, Dan Harkins of Aruba
> told me).
>
> We finally have a strong password authentication method for WiFi.
> BTW, I am the author of the first paper on how to attack WPA-PSK, so I
> am directly involved in 802.11 security issues.
Looks like it might already be in user space?
http://marc.info/?l=linux-wireless&m=130145440930760&w=2
It is NOT in NetworkManager as a security choice in f16.
>
> I would hope to see SAE in APs in the near future.
I am digging into OpenWRT for AP support.
More information about the test
mailing list