AuthSAE for WiFi

Robert Moskowitz rgm at
Mon May 16 18:07:25 UTC 2011

A new Authentication mode for 802.11 is coming.

It is part of 802.11s and is call: Simultaneous Authentication of Equals 
(SAE).  It is a 'Zero-Knowledge' method.  The author is Dan Harkins of 
Aruba; Dan is one of the original IKE (of IPsec) authors.  We have 
worked together on a number of security protocols over the years (I 
co-chaired IPsec back then).

I am the author of the original paper on the attack on 802.11i 
Pre-Shared Key Authentication (and one of the contributors to its 
design).  With SAE there is NO offline attack (well unless you can 
factor an Elliptic Curve) and you only get one guess per authentication 
attempt in an active attack.

The source of SAE is at:

It's being used in the open11s project done by cozybit.  It would be 
nice to get it into Fedora sooner rather than later.

Note, eventhough 11s is about mesh wireless networks, SAE can be used 
NOW in 'classic' STA to AP authentication (or AdHoc wireless).

More information about the test mailing list