SAE: reduce loop iterations of PWE derivation

Jouni Malinen j at w1.fi
Mon Aug 12 01:41:57 PDT 2024


On Mon, Aug 12, 2024 at 07:50:53AM +0000, Gang Li wrote:
> For low-performance processors, reduce the number of loop iterations
> for PWE derivation to reduce the time to generate PWE.
> Add CONFIG_SAE_PWE_NS macro to enable it.

That would reintroduce the widely reported side-channel attacks against
SAE. If you want to do that and understand the consequences, that is
your choice, but I won't promote that in hostap.git.

An appropriate way to avoid the iterations is to upgrade to using the
direct hash-to-element mechanism with SAE. That avoids this loop
completely.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list