Subj : Insecure Wifi
To   : Joaquim Homrighausen
From : Richard Menedetter
Date : Wed Oct 18 2017 12:37:08

Hi Joaquim!

18 Oct 2017 01:22, from Joaquim Homrighausen -> Richard Menedetter:

 rm>> I assume you mean this paper:
 rm>> https://papers.mathyvanhoef.com/ccs2017.pdf
 rm>> from the same people.
 rm>> "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
 rm>> KRACK for short ;)
 JH> Yes. That's the one.

I know ;))

 rm>> Caused me some headaches yesterday at work ...
 JH> It will continute to do so for a while ...

We are reselling different WLAN enabled devices.
Before the details have been revealed it was not clear if it is an AP issue or
a client issue.

After the details got public, I can relax a bit, as currently the APs seem OK.
I have one WiFi Mesh solution that needs patching (it has implemented 802.11r
and is vulnerable)

Vendor feedback was generally along the lines:
"We are not affected as we do not offer client functionality. Detailed review
of the information will be done in the next time."

CU, Ricsi

--- GoldED+/LNX
 * Origin: The price of greatness is responsibility. (21:1/104)

.