[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] Breaking WPA2 by forcing nonce reuse

On Friday, October 20, 2017 12:35:34 AM tv.debian@googlemail.com wrote:
> I sent that a day ago, but for some reason it didn't make it to the list:

Why do you think it didn't make it to the list?  I received it on Wednesday, 
with the same quote listed below--here are the headers:

Re: [OT] Breaking WPA2 by forcing nonce reuse
From: "tv.debian@googlemail.com" <tv.debian@googlemail.com> (resent from 
  To: debian-user@lists.debian.org
  Date: Wed Oct 18 13:04:04 2017

I suspect that, like for many email users / clients, some combination of the 
ISP, your email client, and the maillist headers keep you from seeing your own 

The following quote was in the Wednesday post:
> > Quote:
> > 
> > "an optional AP-side
> > workaround was introduced in hostapd to complicate these attacks,
> > slowing them down. Please note that this does not fully protect you from
> > them, especially when running older versions of wpa_supplicant
> > vulnerable to CVE-2017-13086, which the workaround does not address. As
> > this workaround can cause interoperability issues and reduced robustness
> > of key negotiation, this workaround is disabled by default."
> > 
> > Option in hostapd.sh [1] is:
> > 
> > wpa_disable_eapol_key_retries
> > 
> > 
> > [1]
> > https://git.lede-project.org/?p=source.git;a=commitdiff;h=d501786ff25684
> > 208d22b7c93ce60c194327c771
> > 
> > [2] https://downloads.lede-project.org/releases/17.01.4/targets/
> So it is part of Latest LEDE release, but I am not aware of other distro
> using this workaround. It comes with a few potential problems, so must
> be thoroughly tested before being deployed, and it likely breaks
> standards which is never good.

Reply to: