Re: [OT] Breaking WPA2 by forcing nonce reuse

To: debian-user@lists.debian.org
Subject: Re: [OT] Breaking WPA2 by forcing nonce reuse
From: Ron Leach <ronleach@tesco.net>
Date: Thu, 19 Oct 2017 17:06:20 +0100
Message-id: <[🔎] 59E8CD7C.6060603@tesco.net>
In-reply-to: <[🔎] slrnouhipd.4qi.dan@xps-linux.djph.net>
References: <[🔎] slrnou9kqp.48k.curty@einstein.electron.org> <[🔎] 1b6d0e14-20e7-0ef3-7f64-974758f78eb3@googlemail.com> <[🔎] 20171016151906.00a26195581b774880c07430@gmail.com> <[🔎] c47ba314-5118-697f-7189-eacbd5d2d13b@googlemail.com> <[🔎] 20171017105715.87134337517be7c2b77ba6ec@gmail.com> <[🔎] 17102017184955.cbe671b90b6e@desktop.copernicus.org.uk> <[🔎] 20171018213048.6e1bed0f5192e55e75d9f633@gmail.com> <[🔎] 19102017100229.d6ca0e8c0b74@desktop.copernicus.org.uk> <[🔎] 20171019110701.068af36036d800dbf4f49c4e@gmail.com> <[🔎] 19102017161739.952840d13b59@desktop.copernicus.org.uk> <[🔎] slrnouhipd.4qi.dan@xps-linux.djph.net>

On 19/10/2017 16:56, Dan Purgert wrote:

Brian wrote:

[...]
Isn't it sufficient to fix one end of the
connection to dispose of the vulnerability?


KRACK is an attack against the *client* side.  It MUST (rfc2119) be that
device that is patched against the attack.


Dan, I'm not sure it's that simple, either.

There are *two* WiFi connections in the Debian-box to Printer case:
i Debian box to Access Point
ii Printer to Access Point

Brian's idea is good for the connection from the Debian box to theAccess Point1.

But the connection between the printer, and the Access Point remainsvulnerable - particularly to the possible all-zero key.

Your advice is extremely close, and very pertinent, but *both* clientsneed to be fixed. So Celejar's powerline link may be a reasonablesolution for his case.


regards, Ron

Reply to:

Follow-Ups:
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Dan Purgert <dan@djph.net>

References:
- [OT] Breaking WPA2 by forcing nonce reuse
  - From: Curt <curty@free.fr>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Dan Purgert <dan@djph.net>

Prev by Date: Re: [OT] Breaking WPA2 by forcing nonce reuse
Next by Date: Re: Debian 9.2, VSphere 6.5.0, "TCP performance may be compromised"
Previous by thread: Re: [OT] Breaking WPA2 by forcing nonce reuse
Next by thread: Re: [OT] Breaking WPA2 by forcing nonce reuse
Index(es):
- Date
- Thread