Re: [OT] Breaking WPA2 by forcing nonce reuse
On Mon, Oct 16, 2017, at 14:49, Alexander V. Makartsev wrote:
That is one smoking fast update
release.
Demo works in perfect environment, but I wonder if there are some
settings on AP that help to prevent successful
Yes, there is. The AP may refuse to ever resent the third packet of the 4-way handshake if it is lost. This causes slowdowns on association in noisy/lossy environments, but safeguards the session key.
Newest openwrt and LEDE and hostapd/WPA git trees have a manual setting that can do this. It is not on any release yet, but might be available in nightly build images or the updated packages with the wpa/hostapd binaries.
It obviously protects you only while connected to that AP. You still want/need a device firmware update or to always use a VPN (or ssh or https, etc) when using random APs out there...
--
Henrique de Moraes Holschuh <hmh@debian.org>
Reply to: