Re: [OT] Breaking WPA2 by forcing nonce reuse
On 18/10/2017 19:03, Henrique de Moraes Holschuh wrote:
On Mon, Oct 16, 2017, at 14:49, Alexander V. Makartsev wrote:
That is one smoking fast update release. Demo works in perfect
environment, but I wonder if there are some settings on AP that help
to prevent successful
Yes, there is. The AP may refuse to ever resent the third packet of the
4-way handshake if it is lost. This causes slowdowns on association in
noisy/lossy environments, but safeguards the session key.
Newest openwrt and LEDE and hostapd/WPA git trees have a manual setting
that can do this. It is not on any release yet, but might be
available in nightly build images or the updated packages with the
17.01.4 just released  with fixed wpa and possibility to activate an
AP side workaround. It is just a mitigation really, but should in
practice impair an exploit. It is OFF by default.
"an optional AP-side
workaround was introduced in hostapd to complicate these attacks,
slowing them down. Please note that this does not fully protect you from
them, especially when running older versions of wpa_supplicant
vulnerable to CVE-2017-13086, which the workaround does not address. As
this workaround can cause interoperability issues and reduced robustness
of key negotiation, this workaround is disabled by default."
Option in hostapd.sh  is: