Please add SAE support for WiFi
The 802.11s standard is now published. Boy did that take long enough! :) There is a new password authentication method in 11s that the way it was defined will work just fine between an AP and STA, or in adhoc between two STAs. This method is called Secure Authentication of Equals or SAE. It is a zero-based knowledge authenticaiton method that is immune to offline attacks and an active attack gets only one guess per attack. SAE is defined in Section 8.2a of 802.11s-2011. It is already in the OpenAP code (or so its author, Dan Harkins of Aruba told me). We finally have a strong password authentication method for WiFi. BTW, I am the author of the first paper on how to attack WPA-PSK, so I am directly involved in 802.11 security issues. I would hope to see SAE in APs in the near future. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Please add SAE support for WiFi
On Fri, 2011-12-16 at 11:36 -0500, Robert Moskowitz wrote: The 802.11s standard is now published. Boy did that take long enough! :) There is a new password authentication method in 11s that the way it was defined will work just fine between an AP and STA, or in adhoc between two STAs. This method is called Secure Authentication of Equals or SAE. It is a zero-based knowledge authenticaiton method that is immune to offline attacks and an active attack gets only one guess per attack. SAE is defined in Section 8.2a of 802.11s-2011. It is already in the OpenAP code (or so its author, Dan Harkins of Aruba told me). We finally have a strong password authentication method for WiFi. BTW, I am the author of the first paper on how to attack WPA-PSK, so I am directly involved in 802.11 security issues. I would hope to see SAE in APs in the near future. The process typically is to make sure that wpa_supplicant and the kernel drivers support the feature in question, and then finally we can modify NM to make use of it too. I'll be on the lookout for SAE support there... Thanks, Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Please add SAE support for WiFi
On 12/16/2011 12:19 PM, Dan Williams wrote: On Fri, 2011-12-16 at 11:36 -0500, Robert Moskowitz wrote: The 802.11s standard is now published. Boy did that take long enough! :) There is a new password authentication method in 11s that the way it was defined will work just fine between an AP and STA, or in adhoc between two STAs. This method is called Secure Authentication of Equals or SAE. It is a zero-based knowledge authenticaiton method that is immune to offline attacks and an active attack gets only one guess per attack. SAE is defined in Section 8.2a of 802.11s-2011. It is already in the OpenAP code (or so its author, Dan Harkins of Aruba told me). We finally have a strong password authentication method for WiFi. BTW, I am the author of the first paper on how to attack WPA-PSK, so I am directly involved in 802.11 security issues. I would hope to see SAE in APs in the near future. The process typically is to make sure that wpa_supplicant and the kernel drivers support the feature in question, and then finally we can modify NM to make use of it too. I'll be on the lookout for SAE support there... I sent this message also to the Fedora test list. That is the closest list I am on to the developers. I am right now in the need of a new AP, so I am searching for one that I can afford that will be able to get SAE support. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Please add SAE support for WiFi
On 12/16/2011 11:43 AM, Robert Moskowitz wrote: I sent this message also to the Fedora test list. That is the closest list I am on to the developers. I am right now in the need of a new AP, so I am searching for one that I can afford that will be able to get SAE support. You should send your request to linux-wirel...@vger.kernel.org. That is where most of the developers of the IEEE80211 MAC layer, the supplicant, and the device drivers can be found. When SAE support is available in Linux, you would be able to implement it in nearly every router that runs openWRT. Only those units with very limited memory would be excluded. As openWRT-capable APs are mostly consumer grade, they should be affordable. Larry ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Increased RAM usage with nm-applet 0.8.0 to 0.8.1
So - I've discovered that the increase in memory usage is coming from an update to ifupdown - not network manager. Is that related to this list or should I report the issue elsewhere? On Mon, Dec 12, 2011 at 3:36 PM, Dan Williams d...@redhat.com wrote: On Mon, 2011-12-12 at 23:09 +0200, Uwe Geuder wrote: On 12 December 2011 09:29, Jeff Hoogland jeffhoogl...@linux.com wrote: Attached are the two outputs you requested, digging through them now to see if I can pinpoint the issue. Did you find out anything? I converted the outputs to csv, loaded them into an OpenOffice spreadsheet, summed up each category of memory and compared your 2 versions. The differences are really marginal, depending on the memory category sometimes in favor of the old and sometimes in favor of the new version. In terms of resident memory, which should be the most important measure (no swapping has occured) the new version is even 792 KiB (~ 7 %) smaller than the old one. Thanks for looking at that; I was going to suggest something like this. As you've pointed out, RSS is the value that really matters. VSS doesn't matter at all. So any large (25%) increases in RSS size between the dumps in any one library are interesting. But also that would indicate increased usage *in that library*, not necessarily in nm-applet. Now if you haven't changed any other packages/libraries on your system, but you've just changed nm-applet from 0.8.0 - 0.8.1, then it may be that nm-applet is now using those libraries in a different way that results in a difference in memory usage. ie, it's actually not very straightforward to figure out this problem. Anyway, if we can figure out what might account for the change (if there is a large change) then we can look at what might be causing it. But if, as Uwe says, the RSS actually *decreases* in 0.8.1 then we've already won? :) Dan Unless my conversion script really screwed up something and by accident the bug just happened to level out your obvserved 110 MiB difference such difference does not exist. If anybody wants my script and my spreadsheets to double check I can send them by personal mail. I don't want the flood the mailing list with big attachments, which are probably not of big interest for most readers. (There are also other tools to read smaps files on the net, I have never tried them.) Memory consumption in Linux is a tricky thing. There are many different categories to measure (that's why smaps was added some time ago to show them all or at least many of them). There is no single correct number. If the tool you used to compute the 110 MiB delta shows only a single number, are you sure the way the number is calculated has not changed between your old and your new system? I assume you used the same tool in the old and the new system, otherwise it's even more likely that you ended up comparing apples and oranges. 110 MB difference looks huge by any measure. According to to my results the mapped address space of the new version is only around 46 MiB. I don't think any reasonable measure can be bigger than the mapped space. (The old one is around 45 MiB, the difference 712 KiB) Regards, Uwe ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list -- ~Jeff Hoogland http://jeffhoogland.com/ Thoughts on Technology http://jeffhoogland.blogspot.com/, Tech Blog Bodhi Linux http://bodhilinux.com/, Enlightenment for your Desktop ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Please add SAE support for WiFi
On 12/16/2011 01:06 PM, Larry Finger wrote: On 12/16/2011 11:43 AM, Robert Moskowitz wrote: I sent this message also to the Fedora test list. That is the closest list I am on to the developers. I am right now in the need of a new AP, so I am searching for one that I can afford that will be able to get SAE support. You should send your request to linux-wirel...@vger.kernel.org. That is where most of the developers of the IEEE80211 MAC layer, the supplicant, and the device drivers can be found. Thanks. I sent a subscribe for the list, and a search of the archives found: http://marc.info/?l=linux-wirelessm=130145440930760w=2 Which seems to show SAE support in user space. So I wonder if it is in my f16 install? When SAE support is available in Linux, you would be able to implement it in nearly every router that runs openWRT. Only those units with very limited memory would be excluded. As openWRT-capable APs are mostly consumer grade, they should be affordable. And f16 with gnome 3.2 as well ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Please add SAE support for WiFi
On 12/16/2011 12:29 PM, Robert Moskowitz wrote: On 12/16/2011 01:06 PM, Larry Finger wrote: On 12/16/2011 11:43 AM, Robert Moskowitz wrote: I sent this message also to the Fedora test list. That is the closest list I am on to the developers. I am right now in the need of a new AP, so I am searching for one that I can afford that will be able to get SAE support. You should send your request to linux-wirel...@vger.kernel.org. That is where most of the developers of the IEEE80211 MAC layer, the supplicant, and the device drivers can be found. Thanks. I sent a subscribe for the list, and a search of the archives found: http://marc.info/?l=linux-wirelessm=130145440930760w=2 Which seems to show SAE support in user space. So I wonder if it is in my f16 install? When SAE support is available in Linux, you would be able to implement it in nearly every router that runs openWRT. Only those units with very limited memory would be excluded. As openWRT-capable APs are mostly consumer grade, they should be affordable. And f16 with gnome 3.2 as well That set of patches were accepted into the wireless-testing tree on April 7, 2011, and should be in any 3.1 or later kernel. I think you should have it in f16. I have no idea where to get the userspace tools. If your wireless device supports AP mode (not all do), then you could use your laptop as an AP. Larry ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Please add SAE support for WiFi
On 12/16/2011 01:47 PM, Larry Finger wrote: On 12/16/2011 12:29 PM, Robert Moskowitz wrote: On 12/16/2011 01:06 PM, Larry Finger wrote: On 12/16/2011 11:43 AM, Robert Moskowitz wrote: I sent this message also to the Fedora test list. That is the closest list I am on to the developers. I am right now in the need of a new AP, so I am searching for one that I can afford that will be able to get SAE support. You should send your request to linux-wirel...@vger.kernel.org. That is where most of the developers of the IEEE80211 MAC layer, the supplicant, and the device drivers can be found. Thanks. I sent a subscribe for the list, and a search of the archives found: http://marc.info/?l=linux-wirelessm=130145440930760w=2 Which seems to show SAE support in user space. So I wonder if it is in my f16 install? When SAE support is available in Linux, you would be able to implement it in nearly every router that runs openWRT. Only those units with very limited memory would be excluded. As openWRT-capable APs are mostly consumer grade, they should be affordable. And f16 with gnome 3.2 as well That set of patches were accepted into the wireless-testing tree on April 7, 2011, and should be in any 3.1 or later kernel. I think you should have it in f16. I have no idea where to get the userspace tools. f16 is at 3.1.5 so looks good. Now I 'just' need SAE added to Network Manager in Gnome 3.2.1 If your wireless device supports AP mode (not all do), then you could use your laptop as an AP. That would work for testing purposes, but not operationally! I have to see if it is in OpenWRT yet. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list