802.11w and 128/256 bit SHA.

Ben Greear greearb
Thu Nov 13 07:22:55 PST 2014

On 11/13/2014 01:49 AM, Jouni Malinen wrote:
> On Mon, Nov 10, 2014 at 01:34:53PM -0800, Ben Greear wrote:
>> I have been trying to understand 802.11w a bit better, and I
>> have a question:
>> Should we always disable the non-SHA256 versions of key management
>> if we are trying to require ieee80211w?
> While the standard does not require this, there is not really much of a
> point in enabling the old AKMs if ieee80211w=2 is used, so yes, I would
> only include the SHA256-based version in that configuration (and both
> SHA-1 and SHA256 with ieee80211w=1).

If the key version is 3, and we are using 128bit SHA, then supplicant
fails the connections (see previous posting I made to the mailing list).

Is that per design?


Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

More information about the Hostap mailing list