Commit graph

57 commits

Author SHA1 Message Date
Jouni Malinen
c31a11c962 Changed PEAPv0 cryptobinding to be disabled by default
There are some interoperability issues with Windows Server 2008 NPS, so
better disable cryptobinding use by default for now.
2008-11-20 12:49:34 +02:00
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
2e8c9a27f5 Fixed a typo 2008-10-02 12:40:24 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
d6888f9e37 PEAPv0: Added crypto_binding configuration option (part of phase1)
crypto_binding=# in phase1 network parameter can now be used to change the
PEAPv0 cryptobinding behavior (0 = do not use, 1 = optional (default),
2 = required).
2008-04-08 14:57:39 +03:00
Jouni Malinen
9474b3a4e4 Added a missing '#' to indicate a comment. 2008-03-05 16:06:43 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00