Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Fwd: Basically every WiFi device just hacked?
  • From: Tony Su <tonysu@xxxxxxxxxxxxxxxxx>
  • Date: Mon, 16 Oct 2017 09:44:47 -0700
Based on the non-detailed descriptions I've read, although the
specific handshake step might be on the client side, it's not likely a
client-only flaw.

It's the whole handshake, which likely means that both AP and client
need to be patched.


On Mon, Oct 16, 2017 at 9:41 AM, Tony Su <tonysu@xxxxxxxxxxxxxxxxx> wrote:
Regarding stuff like key servers,
That's not going to be affected.
Servers hold the keys for providing authentication for services, but
those keys are not generally used directly in WiFi (or at least not
the systems I know about).
Normally those keys are used to generate ephemeral (single use) keys
which are then used for handshakes.

In the case of Network Security like LDAP/AD,
Both the Server and Client have been joined to the Domain beforehand,
so each contains a "secret" that is commonly known to the two that
doesn't have to be exchanged over the network.


On Mon, Oct 16, 2017 at 9:35 AM, Tony Su <tonysu@xxxxxxxxxxxxxxxxx> wrote:
From the general description (I haven't been able to inspect a
detailed demo), it looks like a cousin to the Diffie-Hellman flaw
described last year.

If so,
- All encrypted traffic including SSL/TLS, SSH, VPNs, etc should be
protected despite the researchers' suggestion that <might> also be
vulnerable. And, all User activity that involves exchanging passwords
on websites, Financial/Banking, email and other activity are covered

- The other stuff about capturing, replaying and injecting content or
even false network settings is a different consideration, but if this
is not much different than what has always been possible using
aircrack-ng against WEP or WPA1, then there are practical
considerations which can make this kind of attack difficult although
possible... like...

The attacker might have to capture gigabytes of data to obtain the few
packets which contain a WPA handshake. Low activity APs might be more
vulnerable than heavily used.

Once captured, the attacker has to crack the keys. Depending on
strength and available machine resources plus method of crack (are
rainbow tables available and used?), this might take a while.

Once cracked, the keys are usable for only as long as the original
User has not yet closed his wireless session. Once the User has
disconnected, then a new session and handshake has to be cracked.

Unless you're supporting a high security wireless network, I don't
think that anyone should be pressing any emergency buttons, and if you
were supporting a high security network then I'd be questioning why
you even have WiFi or not deploying WiFi that automatically rotates
new keys every few minutes.


On Mon, Oct 16, 2017 at 9:18 AM, James Knott <james.knott@xxxxxxxxxx> wrote:
On 10/16/2017 09:43 AM, Richard Brown wrote:
But WPA2 comes in a couple variants. Does anyone know if any of them
are unaffected?

I don't know, but I do know that SUSE are working on providing us fast
updates for SLE (which Leap will get equally fast) and Tumbleweed

Would SUSE being up to date affect this? Or is it an attack on the
access point?

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
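The thread above argues that the long-term secret is never used directly on the air, that each association derives single-use keys, and that once a client disconnects a fresh handshake produces fresh keys. The following is an added example, not code from the thread or from any openSUSE/SUSE component: it derives the WPA2 per-session Pairwise Transient Key (PTK) from a shared PMK, the two MAC addresses and the two handshake nonces, following the IEEE 802.11i PRF-384 construction (HMAC-SHA1 over the label "Pairwise key expansion"). The PMK, the MAC addresses and the nonces are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data for the demonstration; nothing here comes from a real network.
SAMPLE_PMK = hashlib.sha256(b"constructed-sample-pmk").digest()  # 32-byte long-term key
AP_MAC = bytes.fromhex("020000000001")   # constructed authenticator address (AA)
STA_MAC = bytes.fromhex("020000000002")  # constructed supplicant address (SPA)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and truncate the result to nbits."""
    out = b""
    for i in range((nbits + 159) // 160):
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Per-association PTK for CCMP (384 bits). Both sides compute the same value
    from the shared PMK plus the addresses and nonces exchanged in the 4-way
    handshake; the PMK itself is never sent. Ordering by min/max makes the
    result independent of which side is called 'aa'."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {
        "kck": ptk[:16],    # key confirmation key (MICs on handshake frames)
        "kek": ptk[16:32],  # key encryption key (wraps the group key)
        "tk": ptk[32:48],   # temporal key (encrypts the actual data frames)
    }


def new_session(pmk: bytes, aa: bytes, spa: bytes, rng=os.urandom):
    """Simulate one association: each side contributes a fresh 32-byte nonce,
    so every reconnect yields a different PTK from the same long-term PMK."""
    anonce = rng(32)
    snonce = rng(32)
    return anonce, snonce, derive_ptk(pmk, aa, spa, anonce, snonce)


def sessions_share_temporal_key(pmk: bytes, aa: bytes, spa: bytes) -> bool:
    """Return True only if two independent associations ended up with the same TK."""
    _, _, first = new_session(pmk, aa, spa)
    _, _, second = new_session(pmk, aa, spa)
    return first["tk"] == second["tk"]


if __name__ == "__main__":
    anonce, snonce, keys = new_session(SAMPLE_PMK, AP_MAC, STA_MAC)
    print("ANonce:", anonce.hex())
    print("SNonce:", snonce.hex())
    print("TK    :", keys["tk"].hex())
    print("second session reuses TK:", sessions_share_temporal_key(SAMPLE_PMK, AP_MAC, STA_MAC))
```

The temporal key that actually protects data frames is the last 16 bytes of the PTK, and it depends on both nonces; this is why the thread's observation holds that a key recovered for one session is useless once the client reconnects, and why the handshake's nonce handling on both the AP and the client sides matters for the session key's freshness.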

