[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] Breaking WPA2 by forcing nonce reuse

On Mon, Oct 16, 2017, at 14:49, Alexander V. Makartsev wrote:
That is one smoking fast update release.
Demo works in perfect environment, but I wonder if there are some settings on AP that help to prevent successful

Yes, there is.  The AP may refuse to ever resent the third packet of the 4-way handshake if it is lost.  This causes slowdowns on association in noisy/lossy environments, but safeguards the session key.

Newest openwrt and LEDE and hostapd/WPA git trees have a manual setting that can do this.  It is not on any release yet,  but might be available in nightly build images or the updated packages with the wpa/hostapd binaries.

It obviously protects you only while connected to that AP. You still want/need a device firmware update or to always use a VPN (or ssh or https, etc) when using random APs out there...

--
  Henrique de Moraes Holschuh <hmh@debian.org>
Reply to: