Re: [OT] Breaking WPA2 by forcing nonce reuse
On Friday, October 20, 2017 12:35:34 AM tv.debian@googlemail.com wrote:
> I sent that a day ago, but for some reason it didn't make it to the list:
Why do you think it didn't make it to the list? I received it on Wednesday,
with the same quote listed below--here are the headers:
<quote>
Re: [OT] Breaking WPA2 by forcing nonce reuse
From: "tv.debian@googlemail.com" <tv.debian@googlemail.com> (resent from
debian-user@lists.debian.org)
To: debian-user@lists.debian.org
Date: Wed Oct 18 13:04:04 2017
</quote>
I suspect that, like for many email users / clients, some combination of the
ISP, your email client, and the maillist headers keep you from seeing your own
posts.
The following quote was in the Wednesday post:
> > Quote:
> >
> > "an optional AP-side
> > workaround was introduced in hostapd to complicate these attacks,
> > slowing them down. Please note that this does not fully protect you from
> > them, especially when running older versions of wpa_supplicant
> > vulnerable to CVE-2017-13086, which the workaround does not address. As
> > this workaround can cause interoperability issues and reduced robustness
> > of key negotiation, this workaround is disabled by default."
> >
> > Option in hostapd.sh [1] is:
> >
> > wpa_disable_eapol_key_retries
> >
> >
> > [1]
> > https://git.lede-project.org/?p=source.git;a=commitdiff;h=d501786ff25684
> > 208d22b7c93ce60c194327c771
> >
> > [2] https://downloads.lede-project.org/releases/17.01.4/targets/
>
> So it is part of Latest LEDE release, but I am not aware of other distro
> using this workaround. It comes with a few potential problems, so must
> be thoroughly tested before being deployed, and it likely breaks
> standards which is never good.
Reply to: