Re: [PLUG] Wpa2 oops

Keith C. Perry on 16 Oct 2017 11:31:10 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wpa2 oops

From: "Keith C. Perry" <kperry@daotechnologies.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Wpa2 oops
Date: Mon, 16 Oct 2017 14:29:47 -0400 (EDT)
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
Thread-index: UHKO7O+M2z0hk3yZGMH0sF/mqswMZA==
Thread-topic: Wpa2 oops

Brent,

Its looking slightly less bad- clients appear to be more of the problem but the AP's still need to be patched.  Everything, everywhere needs to be patched to be on the best footing so this going to be slow going.

https://community.ubnt.com/t5/UniFi-Routing-Switching/Krack-exploit-and-wpa2/m-p/2099840#M61285

The longer term risk would be older devices that do not get patched.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "brent saner" <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Sent: Monday, October 16, 2017 2:19:51 PM
Subject: Re: [PLUG] Wpa2 oops

On 10/16/2017 08:37 AM, Rich Freeman wrote:
> It also sounds like this is a problem with the protocol itself - just
> patching my routers/etc isn't going to help me, as I'd basically need
> a "WPA3" that is incompatible with everything I already own.

see the Q&A section at https://www.krackattacks.com/:

"Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible
manner. This means a patched client can still communicate with an
unpatched access point, and vice versa. In other words, a patched client
or access points sends exactly the same handshake messages as before,
and at exactly the same moments in time. However, the security updates
will assure a key is only installed once, preventing our attacks. So
again, update all your devices once security updates are available."

it should be noted, however, that there is some discussion about this:

https://github.com/d33tah/call-for-wpa3/blob/master/README.md?t=1

^ that is being tossed around a fair bit

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: jeff <jeffv@op.net>

References:
- [PLUG] Wpa2 oops
  - From: jeffv <jeffv@op.net>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: Paul Walker <pjwalker76@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>

Prev by Date: Re: [PLUG] Things to correct when copying over a filesystem with rsync?
Next by Date: Re: [PLUG] Wpa2 oops
Previous by thread: Re: [PLUG] Wpa2 oops
Next by thread: Re: [PLUG] Wpa2 oops
Index(es):
- Date
- Thread