Keith C. Perry on 16 Oct 2017 11:31:10 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wpa2 oops


Its looking slightly less bad- clients appear to be more of the problem but the AP's still need to be patched.  Everything, everywhere needs to be patched to be on the best footing so this going to be slow going.

The longer term risk would be older devices that do not get patched.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167

----- Original Message -----
From: "brent saner" <>
Sent: Monday, October 16, 2017 2:19:51 PM
Subject: Re: [PLUG] Wpa2 oops

On 10/16/2017 08:37 AM, Rich Freeman wrote:
> It also sounds like this is a problem with the protocol itself - just
> patching my routers/etc isn't going to help me, as I'd basically need
> a "WPA3" that is incompatible with everything I already own.

see the Q&A section at

"Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible
manner. This means a patched client can still communicate with an
unpatched access point, and vice versa. In other words, a patched client
or access points sends exactly the same handshake messages as before,
and at exactly the same moments in time. However, the security updates
will assure a key is only installed once, preventing our attacks. So
again, update all your devices once security updates are available."

it should be noted, however, that there is some discussion about this:

^ that is being tossed around a fair bit

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --