Bug 1373989 - [RFE] SHA256/SHA512 hash support for wpa_supplicant
Summary: [RFE] SHA256/SHA512 hash support for wpa_supplicant
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: wpa_supplicant
Version: 7.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Beniamino Galvani
QA Contact: Ken Benoit
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-07 15:39 UTC by Alex Ladd
Modified: 2019-12-16 06:39 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-09 17:51:38 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Alex Ladd 2016-09-07 15:39:41 UTC 
Description of problem:

wpa_supplicant only supports MD4 hashes.


Version-Release number of selected component (if applicable):

wpa_supplicant-0.7.3-8.el6


How reproducible:

always


Steps to Reproduce:

1. Try to use a hash other than MD4 for the password entry


Actual results:

/etc/wpa_supplicant/wpa_supplicant.conf

only supports MD4 hashes for:

password=

----------
Sample: /etc/wpa_supplicant/wpa_supplicant.conf

Note: the credentials (identity and password lines) have been scrambled.
 
ctrl_interface=/var/run/wpa_supplicant
  ap_scan=0
  network={
  key_mgmt=IEEE8021X
  eap=PEAP
  identity="user"
  password=hash:0ec081f204654910186ebf3b4c79418b
  eapol_flags=0
  }
----------


Expected results:

Support for SHA256 (at least)
Support for SHA512 (additionally)


Additional info:
MD4 hash has been considered very insecure for many years.
Comment 4 Beniamino Galvani 2016-11-09 17:51:38 UTC 
The MSCHAPv2 standard requires MD4 hashing of the password and it's not possible to use a stronger algorithm. I'm closing this.
Note You need to log in before you can comment on or make changes to this bug.