hostapd: 4-way handshake and replay counter handling?

Helmut Schaa helmut.schaa at googlemail.com
Mon Oct 17 04:53:56 EDT 2011


On Sat, Oct 15, 2011 at 4:17 PM, Jouni Malinen <j at w1.fi> wrote:
>> From IEEE 802.11-2007 8.5.3.2 (page 213):
>>
>> "On reception of Message 2, the Authenticator checks that the key replay
>> counter corresponds to the outstanding Message 1. If not, it silently discards
>> the message."
>>
>> Hence, shouldn't hostapd just discard the first msg 2/4 it receives
>> from the STA?
>
> Well, yes, in theory.. However, this is problematic because doing so can
> break interoperability with some deployed stations.

Agreed, what about the following:

Assume we receive a 2/4 reply to our first 1/4 msg and we start sending out
3/4. But if we receive a "different" 2/4 reply afterwards we should maybe
send the next 3/4 retry based on the latest 2/4?

Helmut
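
Added example (not part of the original message and not hostapd code): a C sketch of the replay counter check on Message 2 discussed above, with a strict mode following the quoted standard text and a tolerant mode that accepts a 2/4 matching any tracked 1/4 and records the latest SNonce so the next 3/4 retry is built from it. The struct, function names, MAX_OUTSTANDING, and the assumption that every 1/4 retransmission carries a new replay counter are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NONCE_LEN 32
#define MAX_OUTSTANDING 4 /* assumed limit on 1/4 transmissions tracked */

/* Hypothetical authenticator state; names are illustrative, not hostapd's. */
struct auth_sm {
    uint64_t next_counter;                 /* replay counter for next frame sent */
    uint64_t outstanding[MAX_OUTSTANDING]; /* counters of 1/4 frames sent, oldest first */
    int n_outstanding;
    uint8_t snonce[NONCE_LEN];             /* SNonce from the latest accepted 2/4 */
    bool have_snonce;
    bool ptk_stale; /* SNonce changed: re-derive PTK before the next 3/4 */
};

/* Send or retransmit 1/4; assumption: every transmission gets a new counter. */
uint64_t auth_send_msg1(struct auth_sm *sm)
{
    if (sm->n_outstanding == MAX_OUTSTANDING) { /* forget the oldest */
        memmove(sm->outstanding, sm->outstanding + 1,
                (MAX_OUTSTANDING - 1) * sizeof(sm->outstanding[0]));
        sm->n_outstanding--;
    }
    sm->outstanding[sm->n_outstanding++] = sm->next_counter;
    return sm->next_counter++;
}

/* Handle 2/4. strict=true: only the latest 1/4 is outstanding (quoted standard
 * text); strict=false: any tracked 1/4 counter is accepted. MIC verification
 * is omitted and must precede acceptance in a real authenticator. */
bool auth_rx_msg2(struct auth_sm *sm, uint64_t counter,
                  const uint8_t *snonce, bool strict)
{
    bool match = false;
    int first = strict ? sm->n_outstanding - 1 : 0;
    for (int i = first; i >= 0 && i < sm->n_outstanding; i++)
        if (sm->outstanding[i] == counter)
            match = true;
    if (!match)
        return false; /* silently discard */
    if (!sm->have_snonce || memcmp(sm->snonce, snonce, NONCE_LEN) != 0) {
        memcpy(sm->snonce, snonce, NONCE_LEN);
        sm->have_snonce = true;
        sm->ptk_stale = true; /* next 3/4 retry must use the latest 2/4 */
    }
    return true;
}
```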

