Thread: Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
View Single Post
  #28   Report Post  
Posted to alt.comp.os.windows-10,alt.os.linux,sci.electronics.repair
harry newton harry newton is offline
external usenet poster
  
Posts: 173
Default Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
He who is David_B said on Tue, 17 Oct 2017 09:04:31 +0100:

Have you read/watched here?
http://www.techrepublic.com/article/...-whos-at-risk/

Nice find.
http://www.techrepublic.com/article/krack-wpa2-protocol-wi-fi-attack-how-it-works-and-whos-at-risk/
KRACK WPA2 protocol Wi-Fi attack: How it works and who's at risk

Salient points:
.. There are 10 CVE identifiers
.. All WPA is likely affected especially Android 6.0+ & Linux/MacOS clients
.. https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&S earchOrder=4
.. Lynchpin is the 4-way handshake to join a WPA network
.. wpa_supplicant is the Wi-Fi library that handles the 4-way handshake
.. The SSID passphrase is verified & an encryption key is negotiated
.. The client waits for the access point to acknowledge the encryption key
.. The client will receive the encryption key multiple times in that case
.. The client is expected to reinstall that rebroadcast encryption key
.. The client is expected to reset the incremental packet transit nonce
.. The result is a blank (all zero) encryption key
Reply With QuoteReply With Quote