Re: SAE vs 4-Way Handshake

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 30, 2015 at 08:58:02PM +0530, Neelansh Mittal wrote:
> Could any one please let me know why 80211s uses SAE instead of the 4
> way handshake?

It is not really using SAE instead of the 4-way handshake; SAE is used
to derive a PMK that can be used in the next step.

> Couldn't they used the already existing WPA2 handshake to check if
> both the parties have the correct PMK (and thereby authenticating each
> other).

If there was no concern about the security of low-entropy passwords,
yes, something like that could have been done, but SAE makes the design
stronger from security view point for cases where the passwords used to
protect the network are not exactly strong (which is likely to be a
common case). The 4-way handshake is not exactly ideal for use cases
where the PMK is not of sufficient entropy (e.g., anything based on
human generated passwords could be subject to offline dictionary attacks).

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux