aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/defconfig
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2008-11-08 02:43:12 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-08 02:43:12 (GMT)
commit46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72 (patch)
treea17d80265ee9446d3b697dd9954a69b47e3ceb6a /wpa_supplicant/defconfig
parent6982784e20f57618b71e5b2bed46f171b5fe7ce2 (diff)
downloadhostap-06-46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72.zip
hostap-06-46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72.tar.gz
hostap-06-46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72.tar.bz2
Added an optional mitigation mechanism for certain attacks against TKIP by
delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
Diffstat (limited to 'wpa_supplicant/defconfig')
-rw-r--r--wpa_supplicant/defconfig4
1 files changed, 4 insertions, 0 deletions
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 38435cd..2653654 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -364,3 +364,7 @@ CONFIG_PEERKEY=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y