KRACK attack


Well-Known Member
Is the wpa-supplicant package vulnerable to this WPA2 vulnerability then?
(Regardless, I don't understand the version numbers of this package - the components seem to be 0.7.3 but the package itself is 0.6.10)


Staff member
Well, yes but it isn't actually used for key negotiation - we're dependant there on something built into the Humax firmware which is probably vulnerable.

I can upgrade to wpa_supplicant 2.7 to fix the vulnerability there but we might have to accept that our Humax boxes will always remain vulnerable to this suite of attacks. This would mean that an attacker could potentially decrypt packets sent onto the network by the Humax - not the most confidential stuff in the world.
Last edited:


The Dumb One
Had a read of that, and in doing so found a brand new meaning for the word 'nonce' and a brand new word to savour over, which is 'pleonasm' which I believe means something that plebs catch.:frantic: