Re: [PATCH 07/14] AP: Rename SAE anti clogging variables and functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Mar 01, 2020 at 09:16:40AM +0000, Peer, Ilan wrote:
> I cannot really guarantee that such a thing would be adequately implemented
> by stations. As the anti-clogging token indexing  is based on the station address
> I can extend comeback_token_hash() to concatenate the authentication algorithm
> ID with the address, to allow concurrent support for SAE and PASN. What do you think?

The more I try to understand how comeback cookie mechanism in
P802.11az/D2.0 is supposed to work, the more I start to think that it
should really be designed differently.. This is similar to the SAE
anti-clogging token design and that design is known to not really
provide much protection since it does not require any significant
calculation need on the attacker side. With that in mind, I'm not sure I
have a good answer on how the current design should be implemented since
I hope the current design changes before the implementation was this
would be added.. Anyway, if we do need to move ahead with the current
design, it would likely be a good idea to make the tokens distinct from
the ones used in SAE.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux