Re: [OT] Breaking WPA2 by forcing nonce reuse

To: debian-user@lists.debian.org
Subject: Re: [OT] Breaking WPA2 by forcing nonce reuse
From: Brian <ad44@cityscape.co.uk>
Date: Fri, 20 Oct 2017 13:56:56 +0100
Message-id: <[🔎] 20102017133935.29549f2ed1d7@desktop.copernicus.org.uk>
In-reply-to: <[🔎] 59E8CD7C.6060603@tesco.net>
References: <[🔎] 20171016151906.00a26195581b774880c07430@gmail.com> <[🔎] c47ba314-5118-697f-7189-eacbd5d2d13b@googlemail.com> <[🔎] 20171017105715.87134337517be7c2b77ba6ec@gmail.com> <[🔎] 17102017184955.cbe671b90b6e@desktop.copernicus.org.uk> <[🔎] 20171018213048.6e1bed0f5192e55e75d9f633@gmail.com> <[🔎] 19102017100229.d6ca0e8c0b74@desktop.copernicus.org.uk> <[🔎] 20171019110701.068af36036d800dbf4f49c4e@gmail.com> <[🔎] 19102017161739.952840d13b59@desktop.copernicus.org.uk> <[🔎] slrnouhipd.4qi.dan@xps-linux.djph.net> <[🔎] 59E8CD7C.6060603@tesco.net>

On Thu 19 Oct 2017 at 17:06:20 +0100, Ron Leach wrote:

> On 19/10/2017 16:56, Dan Purgert wrote:
> > Brian wrote:
> > > [...]
> > > Isn't it sufficient to fix one end of the
> > > connection to dispose of the vulnerability?
> > > 
> > 
> > KRACK is an attack against the *client* side.  It MUST (rfc2119) be that
> > device that is patched against the attack.
> > 
> 
> Dan, I'm not sure it's that simple, either.
> 
> There are *two* WiFi connections in the Debian-box to Printer case:
> i Debian box to Access Point
> ii Printer to Access Point
> 
> Brian's idea is good for the connection from the Debian box to the Access
> Point1.
> 
> But the connection between the printer, and the Access Point remains
> vulnerable - particularly to the possible all-zero key.
> 
> Your advice is extremely close, and very pertinent, but *both* clients need
> to be fixed.  So Celejar's powerline link may be a reasonable solution for
> his case.

Thanks to you, Dan Purgert and Celejar for correcting my misconception.
The middleman (the WAP) needs to be taken out of the picture. With more
recent printers this is a possibility if they have WiFi Direct. A Debian
machine with a patched supplicant can then be set up to connect directly
with the printer.

-- 
Brian.

Reply to:

References:
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Dan Purgert <dan@djph.net>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Ron Leach <ronleach@tesco.net>

Prev by Date: Re: Update - was {Re: Recovering accidentally deleted file folder}
Next by Date: Re: Ciao, sono felice di aver trovato qualcuno degno. Martina
Previous by thread: Re: [OT] Breaking WPA2 by forcing nonce reuse
Next by thread: Re: [OT] Breaking WPA2 by forcing nonce reuse
Index(es):
- Date
- Thread