802.11w and 128/256 bit SHA.
Ben Greear
greearb at candelatech.com
Thu Nov 13 10:22:55 EST 2014
On 11/13/2014 01:49 AM, Jouni Malinen wrote:
> On Mon, Nov 10, 2014 at 01:34:53PM -0800, Ben Greear wrote:
>> I have been trying to understand 802.11w a bit better, and I
>> have a question:
>>
>> Should we always disable the non-SHA256 versions of key management
>> if we are trying to require ieee80211w?
>
> While the standard does not require this, there is not really much of a
> point in enabling the old AKMs if ieee80211w=2 is used, so yes, I would
> only include the SHA256-based version in that configuration (and both
> SHA-1 and SHA256 with ieee80211w=1).
If the key version is 3, and we are using 128bit SHA, then supplicant
fails the connections (see previous posting I made to the mailing list).
Is that per design?
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP
mailing list