Tiny Core Extensions > TCE Corepure64

wpa_supplicant-dbus WPA3-SAE support

<< < (2/3) > >>

GNUser:
Hi Paul_123.

--- Quote from: Paul_123 on September 12, 2024, 01:17:56 PM ---Are you going pure WPA3?

--- End quote ---
Yes, that's my intention.

* my AP's firmware supports it and I recompiled hostapd for it to add SAE support
* clients' firmware support it and just now I compiled wpa_supplicant 2.11 with SAE support for them

But it's all wishful thinking until I'm actually home later today and can test it all out. I'm hoping to get away with wpa_supplicant and not have to resort to iwd/eiwd.

Thanks for the heads up regarding wireless_tools. I'm good there--I migrated all my scripts to  iw  several months ago.

Rich:
Hi GNUser

--- Quote from: GNUser on September 12, 2024, 01:38:25 PM ---Hi Paul_123.

--- Quote from: Paul_123 on September 12, 2024, 01:17:56 PM ---Are you going pure WPA3?
--- End quote ---
Yes, that's my intention. ...
--- End quote ---
Surely you can maintain backward compatibility.

Yeah, yeah. I know, .... "And don't call me Shirley". ;D

Paul_123:
Only reason to move to WPA3, would be to close the holes in WPA2.  Maintaining backwards compatibility would defeat the purpose, since the WPA2 holes would still be there.

GNUser:
Hi Paul_123. My AP is powered by TCL (running updated hostapd with SAE support). Here is what my TCL clients (running updated wpa_supplicant with SAE support) are telling me:


--- Code: ---$ wpa_cli status
Selected interface 'wlan0'
bssid=xxx
freq=5180
ssid=xxx
id=0
mode=station
wifi_generation=5
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=SAE
pmf=1
mgmt_group_cipher=BIP
sae_group=19
sae_h2e=0
sae_pk=0
wpa_state=COMPLETED
ip_address=xxx
p2p_device_address=xxx
address=xxx
uuid=xxx
ieee80211ac=1

--- End code ---
I think things are looking pretty good :) Anything you'd tweak?

Hi Rich. I think I'm going to agree with you (as usual) and go with WPA2/WPA3 Transitional (mixed) security in my AP configuration--for the sake of the handful of devices in my home that do not support WPA3 as well as for the sake of my guests (whose devices may or may not support WPA3).

Paul_123:
Running WPA/Hostapd of the same version definitely makes it easier.

Why complicated things with a mixed WPA2/3 environment.  Since the weak spot is the WPA2 device......The 4way handshake of the WPA2 device is what would get attacked.



Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version