WPA packet number reuse with replayed messages and key reinstallation

Yaniv Klinger yklinger at gmail.com
Thu Oct 19 08:11:44 PDT 2017


Thank you for the clarification Jouni.

On Thu, Oct 19, 2017 at 12:28 PM, Jouni Malinen <j at w1.fi> wrote:
> On Wed, Oct 18, 2017 at 06:45:56PM +0300, Yaniv Klinger wrote:
>> On the "Impact on AP/Hostapd" section on the site it is mentioned that:
>> "When AP/Authenticator implementation in hostapd is requested to rekey
>> the PTK without performing EAP reauthentication (either through local
>> periodic rekeying or due to a request from an association station),
>> the ANonce value does not get updated ... "
>>
>> My question if this case is applicable only to Fast BSS Transition
>> (FT), because as I see it, it might happen also on WPA, when
>> supplicant has a MIC problem, regardless of FT, and AP is not running
>> local periodic rekeying. If so, is this patch needed ?
>
> This "Fix PTK rekeying to generate a new ANonce" patch is completely
> independent of FT and is needed for all cases where hostapd is used.
> Only the "hostapd: Avoid key reinstallation in FT handshake" patch is
> specific to FT.
>
> --
> Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list