KRACK attack

prpr · Oct 16, 2017

Is the wpa-supplicant package vulnerable to this WPA2 vulnerability then?
(Regardless, I don't understand the version numbers of this package - the components seem to be 0.7.3 but the package itself is 0.6.10)

af123 · Oct 16, 2017

Well, yes but it isn't actually used for key negotiation - we're dependant there on something built into the Humax firmware which is probably vulnerable.

I can upgrade to wpa_supplicant 2.7 to fix the vulnerability there but we might have to accept that our Humax boxes will always remain vulnerable to this suite of attacks. This would mean that an attacker could potentially decrypt packets sent onto the network by the Humax - not the most confidential stuff in the world.

af123 · Oct 16, 2017

Background reading: https://www.krackattacks.com/

Trev · Oct 16, 2017

Had a read of that, and in doing so found a brand new meaning for the word 'nonce' and a brand new word to savour over, which is 'pleonasm' which I believe means something that plebs catch. :frantic:

KRACK attack

prpr

Well-Known Member

af123

Administrator

af123

Administrator

Trev

The Dumb One