SAE vs 4-Way Handshake
Neelansh Mittal
neelansh at gmail.com
Fri Oct 30 12:06:22 PDT 2015
>>If there was no concern about the security of low-entropy passwords,
>>yes, something like that could have been done, but SAE makes the design
>>stronger from security view point for cases where the passwords used to
>>protect the network are not exactly strong (which is likely to be a
>>common case). The 4-way handshake is not exactly ideal for use cases
>>where the PMK is not of sufficient entropy (e.g., anything based on
>>human generated passwords could be subject to offline dictionary attacks).
Thanks.This clarifies my doubt. And it makes sense too, even though we
are trading off speed(additional number of frames being exchanged for
SAE ) for security.This even calls for the BSS networks(and not just
MBSS) to move to SAE , when Shared Passphrase is used,instead of
using the PSK as PMK.
Regards
Neelansh
On Fri, Oct 30, 2015 at 11:22 PM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, Oct 30, 2015 at 08:58:02PM +0530, Neelansh Mittal wrote:
>> Could any one please let me know why 80211s uses SAE instead of the 4
>> way handshake?
>
> It is not really using SAE instead of the 4-way handshake; SAE is used
> to derive a PMK that can be used in the next step.
>
>> Couldn't they used the already existing WPA2 handshake to check if
>> both the parties have the correct PMK (and thereby authenticating each
>> other).
>
> If there was no concern about the security of low-entropy passwords,
> yes, something like that could have been done, but SAE makes the design
> stronger from security view point for cases where the passwords used to
> protect the network are not exactly strong (which is likely to be a
> common case). The 4-way handshake is not exactly ideal for use cases
> where the PMK is not of sufficient entropy (e.g., anything based on
> human generated passwords could be subject to offline dictionary attacks).
>
> --
> Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list