aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/ChangeLog
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2008-11-08 02:43:12 (GMT)
committerJouni Malinen <j@w1.fi>2008-11-08 02:43:12 (GMT)
commit46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72 (patch)
treea17d80265ee9446d3b697dd9954a69b47e3ceb6a /wpa_supplicant/ChangeLog
parent6982784e20f57618b71e5b2bed46f171b5fe7ce2 (diff)
downloadhostap-46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72.zip
hostap-46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72.tar.gz
hostap-46690a3b9bdb226e3a8a66315cc9e9db3ed5cf72.tar.bz2
Added an optional mitigation mechanism for certain attacks against TKIP by
delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
Diffstat (limited to 'wpa_supplicant/ChangeLog')
-rw-r--r--wpa_supplicant/ChangeLog4
1 files changed, 4 insertions, 0 deletions
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index c41d2e8..1f7d8d6 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -8,6 +8,10 @@ ChangeLog for wpa_supplicant
* added a new network configuration option, wpa_ptk_rekey, that can be
used to enforce frequent PTK rekeying, e.g., to mitigate some attacks
against TKIP deficiencies
+ * added an optional mitigation mechanism for certain attacks against
+ TKIP by delaying Michael MIC error reports by a random amount of time
+ between 0 and 60 seconds; this can be enabled with a build option
+ CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config
* fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
not bytes