WPA packet number reuse with replayed messages and key reinstallation

Yaniv Klinger yklinger at gmail.com
Thu Oct 19 08:11:44 PDT 2017

Thank you for the clarification Jouni.

On Thu, Oct 19, 2017 at 12:28 PM, Jouni Malinen <j at w1.fi> wrote:
> On Wed, Oct 18, 2017 at 06:45:56PM +0300, Yaniv Klinger wrote:
>> On the "Impact on AP/Hostapd" section on the site it is mentioned that:
>> "When AP/Authenticator implementation in hostapd is requested to rekey
>> the PTK without performing EAP reauthentication (either through local
>> periodic rekeying or due to a request from an association station),
>> the ANonce value does not get updated ... "
>> My question if this case is applicable only to Fast BSS Transition
>> (FT), because as I see it, it might happen also on WPA, when
>> supplicant has a MIC problem, regardless of FT, and AP is not running
>> local periodic rekeying. If so, is this patch needed ?
> This "Fix PTK rekeying to generate a new ANonce" patch is completely
> independent of FT and is needed for all cases where hostapd is used.
> Only the "hostapd: Avoid key reinstallation in FT handshake" patch is
> specific to FT.
> --
> Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list