A new Authentication mode for 802.11 is coming. It is part of 802.11s and is call: Simultaneous Authentication of Equals (SAE). It is a 'Zero-Knowledge' method. The author is Dan Harkins of Aruba; Dan is one of the original IKE (of IPsec) authors. We have worked together on a number of security protocols over the years (I co-chaired IPsec back then). I am the author of the original paper on the attack on 802.11i Pre-Shared Key Authentication (and one of the contributors to its design). With SAE there is NO offline attack (well unless you can factor an Elliptic Curve) and you only get one guess per authentication attempt in an active attack. The source of SAE is at: http://authsae.sourceforge.net/ It's being used in the open11s project done by cozybit. It would be nice to get it into Fedora sooner rather than later. Note, eventhough 11s is about mesh wireless networks, SAE can be used NOW in 'classic' STA to AP authentication (or AdHoc wireless). -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
