[Ninux-Wireless] WPA2 KRACK attack
Luca Cappelletti
luca.cappelletti a gmail.com
Lun 16 Ott 2017 22:09:07 CEST
On 16/10/2017 21:54, Luca Cappelletti wrote:
> On 16/10/2017 18:27, Alessandro Gnagni wrote:
>> Studiato e confermo, si può intercettare ma nn autenticarsi.
>> Inoltre wpa supplicant ha un bug che provoca un reset della chiave di
>> sessione a tutti zeri. In quel caso si può anche fare injection.
>>
>
> mi sembra che sia una richiesta esplicita del protocollo che
> wpa_supplicant onora
>
ma anche no (sing song)
vabbe balliam (cit. Salmo)
[misc a openbsd.org]
[Stefan Sperling <stsp a stsp.name>]
"
On Mon, Oct 16, 2017 at 10:22:26AM +0000, C. L. Martinez wrote:
> HI all,
>
> Regarding WPA2 alert published today: https://www.krackattacks.com/,
> if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN
> connection to authenticate and protect clients and hostAP comms, is
> this vulnerability mitigated?
>
> Thanks.
>
Also this was *NOT* a protocol bug.
arstechnica claimed such nonesense without any basis in fact and
now everybody keeps repeating it
It was an implementation bug.
"
Maggiori informazioni sulla lista
Wireless