Hi Jouni Malinen,

Yes, I understand the consequences.
A few STAs may not support the Hash-to-Element (H2E) WPA3 SAE method, so they need to use the Hunting-and-Pecking (HnP) method. But it takes a long time to generate PWE, causing authentication failure.
So reduce loop iterations of PWE derivation, and add CONFIG_SAE_PWE_NS macro, disabled by default. It is up to the user to decide whether to enable it.

Best Regards,
Gang Li

-----Original Message-----
From: Jouni Malinen <j@xxxxx>
Sent: 12 August 2024 16:42
To: Gang Li <gang.li_1@xxxxxxx>
Cc: hostap@xxxxxxxxxxxxxxxxxxx
Subject: [EXT] Re: SAE: reduce loop iterations of PWE derivation

On Mon, Aug 12, 2024 at 07:50:53AM +0000, Gang Li wrote:
> For low-performance processors, reduce the number of loop iterations
> for PWE derivation to reduce the time to generate PWE.
> Add CONFIG_SAE_PWE_NS macro to enable it.

That would reintroduce the widely reported side-channel attacks against
SAE. If you want to do that and understand the consequences, that is
your choice, but I won't promote that in hostap.git.

An appropriate way to avoid the iterations is to upgrade to using the
direct hash-to-element mechanism with SAE. That avoids this loop
completely.

--
Jouni Malinen                                            PGP id EFC895FA
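
Added illustration (not part of the thread and not hostap code): a simplified Python sketch of hunting-and-pecking on P-256, showing that the iteration at which a valid element is first found depends on the password, which is why the derivation loop runs a fixed number of iterations. Assumptions: the candidate x is taken directly from HMAC-SHA256 without the standard's KDF step, the fixed count `K = 40` is chosen for this sketch, and all function names, MAC addresses and passwords are constructed.

```python
import hashlib
import hmac

# NIST P-256 parameters (SAE group 19).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = -3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
K = 40  # fixed iteration count assumed for this sketch


def candidate_x(password: bytes, mac1: bytes, mac2: bytes, counter: int) -> int:
    """Simplified candidate: HMAC-SHA256(max||min MAC, password||counter)."""
    key = max(mac1, mac2) + min(mac1, mac2)
    seed = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(seed, "big")


def on_curve_x(x: int) -> bool:
    """True if x < p and x^3 + ax + b is a square mod p (Euler's criterion)."""
    if x >= P:
        return False
    y2 = (pow(x, 3, P) + A * x + B) % P
    return y2 == 0 or pow(y2, (P - 1) // 2, P) == 1


def pwe_early_exit(password, mac1, mac2, limit=K):
    """Stops at the first valid x: iterations done depend on the password."""
    for counter in range(1, limit + 1):
        x = candidate_x(password, mac1, mac2, counter)
        if on_curve_x(x):
            return x, counter
    return None, limit


def pwe_fixed(password, mac1, mac2, k=K):
    """Always runs k iterations and keeps the first valid x."""
    found = None
    for counter in range(1, k + 1):
        x = candidate_x(password, mac1, mac2, counter)
        if on_curve_x(x) and found is None:  # real code selects without branching
            found = x
    return found, k


# Constructed sample inputs: two MAC addresses and a set of passwords.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
PASSWORDS = [b"password-%d" % i for i in range(32)]
EARLY = [pwe_early_exit(pw, AP, STA)[1] for pw in PASSWORDS]
```

`EARLY` holds a different stopping counter per password, which is the password-dependent work that the fixed-count loop hides. Python's big-integer arithmetic is not constant-time, so this sketch only illustrates the iteration-count aspect.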