16.10.2017 16:52, Greg Freemyer wrote:
On Mon, Oct 16, 2017 at 9:43 AM, Richard Brown <RBrownCCB@opensuse.org> wrote:
On 16 October 2017 at 15:36, Greg Freemyer <greg.freemyer@gmail.com> wrote:
All,
Most WiFi routers have WEP, WPA, and WPA2.
WPA2 was the most secure and the recommendation.
No longer:
https://www.theregister.co.uk/AMP/2017/10/16/wpa2_krack_attack_security_wifi...
But WPA2 comes in a couple variants. Does anyone know if any of them are unaffected?
The weakness is in the initial client-AP handshake, so I assume all variants are affected.
Thanks Greg
I don't know, but I do know that SUSE are working on providing us fast updates for SLE (which Leap will get equally fast) and Tumbleweed.
So this may be addressable on the client end? I hope so!
If I read the linked paper correctly, this *is* a client vulnerability:

When a client joins a network, it executes the 4-way handshake to negotiate a fresh session key. It will install this key after receiving message 3 of the handshake. Once the key is installed, it will be used to encrypt normal data frames using a data-confidentiality protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same session key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the data-confidentiality protocol.

We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3. By forcing nonce reuse in this manner, the data-confidentiality protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged.
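The key-reinstallation behaviour quoted from the paper, as an added example that is not part of the original thread or of any vendor's code: a toy client model showing how a retransmitted message 3 resets the transmit packet number, next to a hardened variant that skips reinstalling a key already in use. The `Client` class, the SHA-256 based keystream (a stand-in for the real data-confidentiality cipher) and the key and frame contents are all constructed assumptions.

```python
import hashlib

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream derived from (key, packet number); stand-in for the real cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical supplicant state: installed key plus transmit packet number."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.tx_pn = 0

    def on_message3(self, key: bytes) -> bool:
        # Hardened: a retransmitted message 3 carrying the key already in use
        # must not reinstall it, so the packet number is left untouched.
        if self.hardened and self.key == key:
            return False
        self.key = key
        self.tx_pn = 0  # (re)installing the key resets the nonce
        return True

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.key, self.tx_pn, len(plaintext)))

def run(hardened: bool):
    """Install key, send a frame, receive message 3 again, send another frame."""
    client = Client(hardened)
    key = b"constructed-session-key"          # constructed sample value
    client.on_message3(key)
    first = client.send(b"first frame data")  # constructed sample frames
    client.on_message3(key)                   # retransmission of message 3
    second = client.send(b"other frame data")
    return first, second

def nonce_reused(frames) -> bool:
    """Defender-side check: the same packet number seen twice under one key."""
    pns = [pn for pn, _ in frames]
    return len(pns) != len(set(pns))

if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "vulnerable", nonce_reused(run(hardened)))
```

With the vulnerable client both frames carry packet number 1, so they share a keystream and the XOR of the two ciphertexts equals the XOR of the two plaintexts; the hardened client sends packet numbers 1 and 2.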