aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/defconfig
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2011-05-31 17:07:11 (GMT)
committerJouni Malinen <j@w1.fi>2011-05-31 17:07:11 (GMT)
commit38e24575c18b02a2f8bf7ea38b937ad010682872 (patch)
tree46df39222d7603aa5d9c14fea6fe05d8a9c6487a /wpa_supplicant/defconfig
parentceb34f250af7a7082f18c1e0451dc7fbc0f000f3 (diff)
downloadhostap-38e24575c18b02a2f8bf7ea38b937ad010682872.zip
hostap-38e24575c18b02a2f8bf7ea38b937ad010682872.tar.gz
hostap-38e24575c18b02a2f8bf7ea38b937ad010682872.tar.bz2
random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new command line parameter, -e, can now be used to specify an entropy file that will be used to maintain the needed state.
Diffstat (limited to 'wpa_supplicant/defconfig')
-rw-r--r--wpa_supplicant/defconfig10
1 files changed, 8 insertions, 2 deletions
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 0c8e5f2..ea925c4 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -437,10 +437,16 @@ CONFIG_PEERKEY=y
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generatior or by
+# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
-# If the os_get_random() is known to provide strong ramdom data (e.g., on
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this