SAE vs 4-Way Handshake

Jouni Malinen j at w1.fi
Fri Oct 30 10:52:42 PDT 2015


On Fri, Oct 30, 2015 at 08:58:02PM +0530, Neelansh Mittal wrote:
> Could any one please let me know why 80211s uses SAE instead of the 4
> way handshake?

It is not really using SAE instead of the 4-way handshake; SAE is used
to derive a PMK that can be used in the next step.

> Couldn't they used the already existing WPA2 handshake to check if
> both the parties have the correct PMK (and thereby authenticating each
> other).

If there was no concern about the security of low-entropy passwords,
yes, something like that could have been done, but SAE makes the design
stronger from security view point for cases where the passwords used to
protect the network are not exactly strong (which is likely to be a
common case). The 4-way handshake is not exactly ideal for use cases
where the PMK is not of sufficient entropy (e.g., anything based on
human generated passwords could be subject to offline dictionary attacks).

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list