Wireshark-dev: Re: [Wireshark-dev] IEEE 802.11 WPA3 decryption support
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 25 Mar 2019 14:41:04 -0700
On Mar 25, 2019, at 2:32 AM, Kanstrup, Mikael <Mikael.Kanstrup@xxxxxxxx> wrote:

> I started working on WPA3 decryption support. Some parts of it has already been merged.

So does this mean we'll prove Michael Berg of Tamosoft wrong?

	https://twitter.com/TamoSoft/status/1049975990695399424

"WPA3 will make it impossible to perform on-the-fly or post-capture decryption of WiFi packets by tools like CommView for WiFi. Good security, but still upsetting from the packet analysis standpoint..."

> The dot11crypt engine duplicate quite a lot IEEE 802.11 dissector functionality

Yes, and it shouldn't.

(It may originally have been code used in the AirPcap adapters and adapted for use in Wireshark, but there's no reason I can see to keep them in sync, especially given that 1) they've probably already diverged in ways that keep our version of the code usable in the adapters and 2) those adapters may be a dead product line, as they haven't done anything past 11n.)

> but now also lack certain parts.

And that's one reason why it shouldn't, but it shouldn't have even duplicated that functionality for WEP/WPA/WPA2.

> Instead of adding further duplication I'd like to propose the following changes:
> 
> - Replace the scan for keys functionality from dot11decrypt engine with a new SetKey(from, to, key_index, key) function that the IEEE802.11 dissector can call when a key is found.

Yes!