DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

WPS: Do not disable AP PIN permanently, only slow down attacks

Browse source 
As a compromise between usability and security, do not disable
AP PIN permanently based on failed PIN validations. Instead, go to
AP Setup Locked state for increasing amount of time between each
failure to slow down brute force attacks against the AP PIN.

This avoids problems with some external Registrars that may try
to use the same PIN multiple times without user input. Now, the
user will still be able to fix the PIN and try again later while
a real attack is delayed enough to make it impractical.
This commit is contained in:
Jouni Malinen 2010-08-24 15:24:05 +03:00
parent 035cc69d98
commit 944814106e
3 changed files with 36 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/ap/hostapd.h
View file

@ -167,6 +167,7 @@ struct hostapd_data {
#ifdef CONFIG_WPS
unsigned int ap_pin_failures;
struct upnp_wps_device_sm *wps_upnp;
unsigned int ap_pin_lockout_time;
#endif /* CONFIG_WPS */
struct hostapd_probereq_cb *probereq_cb;