Re: [OT] Breaking WPA2 by forcing nonce reuse

To: debian-user@lists.debian.org
Subject: Re: [OT] Breaking WPA2 by forcing nonce reuse
From: Dan Purgert <dan@djph.net>
Date: Fri, 20 Oct 2017 17:12:59 -0000 (UTC)
Message-id: <[🔎] slrnoukbkr.4qi.dan@xps-linux.djph.net>
References: <[🔎] slrnou9kqp.48k.curty@einstein.electron.org> <[🔎] 1b6d0e14-20e7-0ef3-7f64-974758f78eb3@googlemail.com> <[🔎] 20171016151906.00a26195581b774880c07430@gmail.com> <[🔎] c47ba314-5118-697f-7189-eacbd5d2d13b@googlemail.com> <[🔎] 20171017105715.87134337517be7c2b77ba6ec@gmail.com> <[🔎] 17102017184955.cbe671b90b6e@desktop.copernicus.org.uk> <[🔎] 20171018213048.6e1bed0f5192e55e75d9f633@gmail.com> <[🔎] 19102017100229.d6ca0e8c0b74@desktop.copernicus.org.uk> <[🔎] 20171019110701.068af36036d800dbf4f49c4e@gmail.com> <[🔎] 19102017161739.952840d13b59@desktop.copernicus.org.uk> <[🔎] slrnouhipd.4qi.dan@xps-linux.djph.net> <[🔎] 59E8CD7C.6060603@tesco.net>

Ron Leach wrote:
> On 19/10/2017 16:56, Dan Purgert wrote:
>> Brian wrote:
>>> [...]
>>> Isn't it sufficient to fix one end of the
>>> connection to dispose of the vulnerability?
>>>
>>
>> KRACK is an attack against the *client* side.  It MUST (rfc2119) be that
>> device that is patched against the attack.
>>
>
> Dan, I'm not sure it's that simple, either.
> [...]
>
> Your advice is extremely close, and very pertinent, but *both* clients 
> need to be fixed.  

I read his comment as "one side" being the AP side in the AP/Client
relationship ... not that you'd only need to patch "one client".

To be as clear as possible -- Any and all client devices MUST (rfc2119)
be patched to be secure from the KRACK attack.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply to:

References:
- [OT] Breaking WPA2 by forcing nonce reuse
  - From: Curt <curty@free.fr>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: "tv.debian@googlemail.com" <tv.debian@googlemail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Celejar <celejar@gmail.com>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Dan Purgert <dan@djph.net>
- Re: [OT] Breaking WPA2 by forcing nonce reuse
  - From: Ron Leach <ronleach@tesco.net>

Prev by Date: Re: Can imagemagick really be safely purged or removed?
Next by Date: Re: Re: System becomes inaccessible after upgrade of libgl1-mesa-glx to version 17.2.2-1
Previous by thread: Re: [OT] Breaking WPA2 by forcing nonce reuse
Next by thread: Re: [OT] Breaking WPA2 by forcing nonce reuse
Index(es):
- Date
- Thread