On 19/10/2017 16:56, Dan Purgert wrote:
Brian wrote:
[...]
Isn't it sufficient to fix one end of the
connection to dispose of the vulnerability?
KRACK is an attack against the *client* side. It MUST (rfc2119) be that
device that is patched against the attack.
Dan, I'm not sure it's that simple, either.
There are *two* WiFi connections in the Debian-box to Printer case:
i Debian box to Access Point
ii Printer to Access Point
Brian's idea is good for the connection from the Debian box to the
Access Point1.
But the connection between the printer, and the Access Point remains
vulnerable - particularly to the possible all-zero key.
Your advice is extremely close, and very pertinent, but *both* clients
need to be fixed. So Celejar's powerline link may be a reasonable
solution for his case.
regards, Ron