WPA packet number reuse with replayed messages and key reinstallation

Jouni Malinen j at w1.fi
Thu Oct 19 02:28:57 PDT 2017

On Wed, Oct 18, 2017 at 06:45:56PM +0300, Yaniv Klinger wrote:
> On the "Impact on AP/Hostapd" section on the site it is mentioned that:
> "When AP/Authenticator implementation in hostapd is requested to rekey
> the PTK without performing EAP reauthentication (either through local
> periodic rekeying or due to a request from an association station),
> the ANonce value does not get updated ... "
> My question if this case is applicable only to Fast BSS Transition
> (FT), because as I see it, it might happen also on WPA, when
> supplicant has a MIC problem, regardless of FT, and AP is not running
> local periodic rekeying. If so, is this patch needed ?

This "Fix PTK rekeying to generate a new ANonce" patch is completely
independent of FT and is needed for all cases where hostapd is used.
Only the "hostapd: Avoid key reinstallation in FT handshake" patch is
specific to FT.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list