WPA3 SAE and FIPS 140-3
achtol
achtol at free.fr
Fri Jul 1 15:00:25 PDT 2022
On 7/1/22 22:38, Bob Friesenhahn wrote:
> On Fri, 1 Jul 2022, achtol wrote:
>>
>> Does this mean that WPA3 is incompatible with FIPS? That would be
>> puzzling, when the arguably less secure WPA2 does not pose such a
>> problem (only constraints on the length of SSID/passphrases).
>>
>> Or, can it be claimed that these operations do not fulfill a security
>> function? In which case, I believe, using a non-FIPS-approved
>> algorithm is permitted.
>
> Regardless of the reasoning employed (and hopefully it is the latter),
> your FIPS 140-3 crypto library is not going to be very helpful since
> it will refuse to work. You would then need to find the necessary
> crypto algorithms independent of that library and add them in a
> non-conflicting way, much as hostapd/wpa_supplicant include a private
> implementation of MD5.
>
> Bob

That's right. My plan would be to throw in custom implementations of
these algorithms, for these two functions only. But to do that I need a
justification for these exceptions, so that the FIPS status of the whole
system is not questioned.