Re: [OT] Breaking WPA2 by forcing nonce reuse
On Thu 19 Oct 2017 at 17:06:20 +0100, Ron Leach wrote:
> On 19/10/2017 16:56, Dan Purgert wrote:
> > Brian wrote:
> > > [...]
> > > Isn't it sufficient to fix one end of the
> > > connection to dispose of the vulnerability?
> > >
> > KRACK is an attack against the *client* side. It MUST (rfc2119) be that
> > device that is patched against the attack.
> Dan, I'm not sure it's that simple, either.
> There are *two* WiFi connections in the Debian-box to Printer case:
> i Debian box to Access Point
> ii Printer to Access Point
> Brian's idea is good for the connection from the Debian box to the Access
> But the connection between the printer and the Access Point remains
> vulnerable - particularly to the possible all-zero key.
> Your advice is extremely close, and very pertinent, but *both* clients need
> to be fixed. So Celejar's powerline link may be a reasonable solution for
> his case.
Thanks to you, Dan Purgert and Celejar for correcting my misconception.
The middleman (the WAP) needs to be taken out of the picture. With more
recent printers this is a possibility if they have WiFi Direct. A Debian
machine with a patched supplicant can then be set up to connect directly
with the printer.