On 16/10/2017 21:54, Luca Cappelletti wrote:
On 16/10/2017 18:27, Alessandro Gnagni wrote:
Studiato e confermo, si può intercettare ma nn autenticarsi.
Inoltre wpa supplicant ha un bug che provoca un reset della chiave di
sessione a tutti zeri. In quel caso si può anche fare injection.
mi sembra che sia una richiesta esplicita del protocollo che
wpa_supplicant onora
ma anche no (sing song)
vabbe balliam (cit. Salmo)
[m...@openbsd.org]
[Stefan Sperling <s...@stsp.name>]
"
On Mon, Oct 16, 2017 at 10:22:26AM +0000, C. L. Martinez wrote:
> HI all,
>
> Regarding WPA2 alert published today: https://www.krackattacks.com/,
> if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN
> connection to authenticate and protect clients and hostAP comms, is
> this vulnerability mitigated?
>
> Thanks.
>
Also this was *NOT* a protocol bug.
arstechnica claimed such nonesense without any basis in fact and
now everybody keeps repeating it
It was an implementation bug.
"
_______________________________________________
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless