Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#57413 - [wpa_supplicant] Enable CONFIG_SAE

Attached to Project: Arch Linux
Opened by Benjamin Richter (Waldteufel) - Wednesday, 07 February 2018, 13:02 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 11 December 2018, 14:29 GMT
Task Type Feature Request
Category Packages: Core
Status Assigned   Reopened
Assigned To Bartłomiej Piotrowski (Barthalion)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 3
Private No

Details

Simultaneous Authentication of Equals (SAE) is a Diffie-Hellman based key establishment protocol. It is part of the 802.11s standard for mesh networking, but can also be used in AP mode. Like WPA-PSK it works with a pre-shared password, but in contrast to WPA-PSK it protects against dictionary attacks (c.f. <http://www.willhackforsushi.com/?page_id=50>).

Due to this security benefit, I suggest enabling the CONFIG_SAE build option.
This task depends upon

Comment by Benjamin Richter (Waldteufel) - Wednesday, 07 February 2018, 13:11 GMT
Sorry, should clarify this: it protects against _offline_ dictionary attacks
Comment by Benjamin Richter (Waldteufel) - Tuesday, 11 December 2018, 14:29 GMT
  • Field changed: Percent Complete (100% → 0%)
I'm a bit confused now - even though you closed this with "fixed", the option is not enabled in the wpa_supplicant packages.
Comment by Sergej Pupykin (sergej) - Sunday, 21 July 2019, 23:41 GMT
I suggest to add CONFIG_MESH=y too to support 802.11s.
Comment by Bjoern Franke (bjo) - Friday, 22 November 2019, 20:43 GMT
Popular FritzBoxes support WPA3 now in their Beta-firmware, but as I tried to use it: invalid key_mgmt 'SAE'. Any reason why this option is still disabled?

Loading...