-
Martin Weinelt authoredThis package adds support for SAE on 802.11s mesh connections. Enabling this package will require all 802.11s mesh connections to be encrypted using the SAE key agreement scheme. The security of SAE relies upon the authentication through a shared secret. In the context of public mesh networks a shared secret is an obvious oxymoron. Still this functionality provides an improvement over unencrypted mesh connections in that it protects against a passive attacker who did not observe the key agreement. In addition Management Frame Protection (802.11w) gets automatically enabled on mesh interfaces to prevent protocol-level deauthentication attacks. If `wifi.mesh.sae` is enabled a shared secret will automatically be derived from the `prefix6` variable. This is as secure as it gets for a public mesh network. For *private* mesh networks `wifi.mesh.sae_passphrase` should be set to your shared secret. Fixes #1636
Martin Weinelt authoredThis package adds support for SAE on 802.11s mesh connections. Enabling this package will require all 802.11s mesh connections to be encrypted using the SAE key agreement scheme. The security of SAE relies upon the authentication through a shared secret. In the context of public mesh networks a shared secret is an obvious oxymoron. Still this functionality provides an improvement over unencrypted mesh connections in that it protects against a passive attacker who did not observe the key agreement. In addition Management Frame Protection (802.11w) gets automatically enabled on mesh interfaces to prevent protocol-level deauthentication attacks. If `wifi.mesh.sae` is enabled a shared secret will automatically be derived from the `prefix6` variable. This is as secure as it gets for a public mesh network. For *private* mesh networks `wifi.mesh.sae_passphrase` should be set to your shared secret. Fixes #1636