The specification, like many, was vague in implementation details and practically all vendors chose a poor, insecure design. The only claw in WPA2 was vagueness in the specification. I understand the Wi-Fi Alliance is working on remedying that as well as specifically testing for KRACK in its certification testing.
Since many implementations were likely based off the chipmakers reference designs, this is not very surprising. Bruce Osborne Senior Network Engineer Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Marcelo Maraboli [mailto:marcelo.marab...@uc.cl] Sent: Wednesday, October 18, 2017 11:56 AM Subject: Re: Big flaw in WPA2 if it were a Design Flaw, no patch can fix it.... we would need to upgrade to WPA3 or something. the fact that there is patch going on, is that either every implementation is wrong (not likely) or the specification (how to code the Design) did not address boundaries or restrictions that should/must be cared for. or am I wrong ? regards, On 10/16/17 4:32 PM, Hector J Rios wrote: The short answer is Yes. Hector Rios Louisiana State University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Cunningham Sent: Monday, October 16, 2017 1:58 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 If this is a flaw in the design of the WPA2 protocol isn't the fix going to need to be made on both sides of the communication link? Access points will all need to be updated but also all client wifi drivers are going to need to be updated on all wifi enabled devices that support WPA2, right? Mike Cunningham From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher Sent: Monday, October 16, 2017 10:40 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 >From Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa / Stephen Belcher Assistant Director of Network Operations WVU Information Technology Services One Waterfront Place / PO Box 6500 Morgantown, WV 26506 (304) 293-8440 office (681) 214-3389 mobile steve.belc...@mail.wvu.edu<mailto:steve.belc...@mail.wvu.edu> ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Richard Nedwich <rich.nedw...@brocade.com<mailto:rich.nedw...@brocade.com>> Sent: Monday, October 16, 2017 10:34:43 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Big flaw in WPA2 Ruckus is providing a response today. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ________________________________ This email may contain confidential information about a Pennsylvania College of Technology student. It is intended solely for the use of the recipient. This email may contain information that is considered an "educational record" subject to the protections of the Family Educational Rights and Privacy Act Regulations. The regulations may be found at 34 C.F.R. Part 99 for your reference. The recipient may only use or disclose the information in accordance with the requirements of the Federal Educational Rights and Privacy Act Regulations. If you have received this transmission in error, please notify the sender immediately and permanently delete the email. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. -- Marcelo Maraboli Rosselott Subdirector de Redes y Seguridad Dirección de Informática Pontificia Universidad Católica de Chile http://informatica.uc.cl/ -- Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul Santiago, Chile Teléfono: (56) 22354 1341 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
