SAE: reduce loop iterations of PWE derivation
Jouni Malinen
j at w1.fi
Mon Aug 12 01:41:57 PDT 2024
On Mon, Aug 12, 2024 at 07:50:53AM +0000, Gang Li wrote:
> For low-performance processors, reduce the number of loop iterations
> for PWE derivation to reduce the time to generate PWE.
> Add CONFIG_SAE_PWE_NS macro to enable it.
That would reintroduce the widely reported side-channel attacks against
SAE. If you want to do that and understand the consequences, that is
your choice, but I won't promote that in hostap.git.
An appropriate way to avoid the iterations is to upgrade to using the
direct hash-to-element mechanism with SAE. That avoids this loop
completely.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list