On 19/10/2017 16:56, Dan Purgert wrote:
Brian wrote:[...] Isn't it sufficient to fix one end of the connection to dispose of the vulnerability?KRACK is an attack against the *client* side. It MUST (rfc2119) be that device that is patched against the attack.
Dan, I'm not sure it's that simple, either. There are *two* WiFi connections in the Debian-box to Printer case: i Debian box to Access Point ii Printer to Access PointBrian's idea is good for the connection from the Debian box to the Access Point1.
But the connection between the printer, and the Access Point remains vulnerable - particularly to the possible all-zero key.
Your advice is extremely close, and very pertinent, but *both* clients need to be fixed. So Celejar's powerline link may be a reasonable solution for his case.
regards, Ron