KRACK attack

[prpr]

Is the wpa-supplicant package vulnerable to this WPA2 vulnerability then?
(Regardless, I don't understand the version numbers of this package - the components seem to be 0.7.3 but the package itself is 0.6.10)

 

[af123]

Well, yes but it isn't actually used for key negotiation - we're dependant there on something built into the Humax firmware which is probably vulnerable.

I can upgrade to wpa_supplicant 2.7 to fix the vulnerability there but we might have to accept that our Humax boxes will always remain vulnerable to this suite of attacks. This would mean that an attacker could potentially decrypt packets sent onto the network by the Humax - not the most confidential stuff in the world.

 

[af123]

Background reading: https://www.krackattacks.com/

 

[Trev]

Had a read of that, and in doing so found a brand new meaning for the word 'nonce' and a brand new word to savour over, which is 'pleonasm' which I believe means something that plebs catch.