From 4584b66eaecdea25bd6bda97cf70105ebc8b11cb Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 24 Jun 2015 20:47:08 +0300 Subject: [PATCH] SAE: Increase security parameter k to 40 based on Dragonfly recommendation draft-irtf-cfrg-dragonfly recommends implementation to set the security parameter, k, to a value of at least 40. This will make PWE generation take significantly more resources, but makes it more likely to hide timing differences due to different number of loops needed to find a suitable PWE. Signed-off-by: Jouni Malinen --- src/common/sae.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/sae.c b/src/common/sae.c index 9d25b2b34..2fec4b3b8 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -290,7 +290,7 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1, const u8 *addr2, const u8 *password, size_t password_len) { - u8 counter, k = 4; + u8 counter, k = 40; u8 addrs[2 * ETH_ALEN]; const u8 *addr[2]; size_t len[2];