Hacker News new | past | comments | ask | show | jobs | submit login

What would be the consequences of dropping MD4 support in wpa-supplicant? Does OpenBSD not work with WPA-PSK at all or is that implemented separately?



OpenBSD does support PSK. Random excerpt here:

> For standard WPA networks which use pre-shared keys (PSK), keys are configured using the "wpakey" option. [1]

I think the article is saying that the new OpenSSL is the library that breaks, or makes it hard to use, MD4.

[1] https://man.openbsd.org/ipw


I think the question is, what would break if they went forward with using OpenSSL 3 and dropped support for MD4 in wpa_supplicant?


Mschapv2 needs NTLM/MD4. Eduroam uses Mschapv2 inner authentication.


eduroam _can_ use mschapv2, but it's not mandatory. What's in the inner tunnel is up to the individual home institution and their clients.


Educated by a about five minutes of searching and reading, my impression is that not supporting MD4 means not supporting WPA networks.


WPA2 uses SHA1 IIRC. I havent seen a WPA network in over 10 years. I am pretty sure that code path can (and maybe should) be stripped.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: