[EXT] Re: SAE: reduce loop iterations of PWE derivation
Gang Li
gang.li_1 at nxp.com
Mon Aug 12 02:03:22 PDT 2024
Hi Jouni Malinen,
Yes, I understand the consequences.
A few STAs may not support the Hash-to-Element (H2E) WPA3 SAE method, then it needs to use Hunting-and-Pecking (HnP) method.
But it takes a long time to generate PWE, causing authentication failure.
So reduce loop iterations of PWE derivation, and add CONFIG_SAE_PWE_NS macro, disable by default.
It is up to the user to decide whether to enable it.
Best Regards,
Gang Li
-----Original Message-----
From: Jouni Malinen <j at w1.fi>
Sent: 2024年8月12日 16:42
To: Gang Li <gang.li_1 at nxp.com>
Cc: hostap at lists.infradead.org
Subject: [EXT] Re: SAE: reduce loop iterations of PWE derivation
Caution: This is an external email. Please take care when clicking links or opening attachments. When in doubt, report the message using the 'Report this email' button
On Mon, Aug 12, 2024 at 07:50:53AM +0000, Gang Li wrote:
> For low-performance processors, reduce the number of loop iterations
> for PWE derivation to reduce the time to generate PWE.
> Add CONFIG_SAE_PWE_NS macro to enable it.
That would reintroduce the widely reported side-channel attacks against SAE. If you want to do that and understand the consequences, that is your choice, but I won't promote that in hostap.git.
An appropriate way to avoid the iterations is to upgrade to using the direct hash-to-element mechanism with SAE. That avoids this loop completely.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list