On 16/10/2017 21:54, Luca Cappelletti wrote:
On 16/10/2017 18:27, Alessandro Gnagni wrote:
Studiato e confermo, si può intercettare ma nn autenticarsi.
Inoltre wpa supplicant ha un bug che provoca un reset della chiave di
sessione a tutti zeri. In quel caso si può anche fare injection.

mi sembra che sia una richiesta esplicita del protocollo che
wpa_supplicant onora

ma anche no (sing song)
vabbe balliam (cit. Salmo)

[Stefan Sperling <s...@stsp.name>]
On Mon, Oct 16, 2017 at 10:22:26AM +0000, C. L. Martinez wrote:
> HI all,
>  Regarding WPA2 alert published today: https://www.krackattacks.com/,
> if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN
> connection to authenticate and protect clients and hostAP comms, is
> this vulnerability mitigated?
>  Thanks.

Also this was *NOT* a protocol bug.
arstechnica claimed such nonesense without any basis in fact and
now everybody keeps repeating it

It was an implementation bug.
Wireless mailing list

Rispondere a