Causing a stir today in networking and security circles. The authors propose
a new way of random number generation to help combat some of the identified issues.

Best, Paul

--- Mystic BBS v1.12 A35 (Windows/32)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

Hi Avon!

17 Oct 2017 15:20, from Avon -> All:

Have a read of http://bit.ly/2iej5kE
Causing a stir today in networking and security circles. The authors propose a new way of random number generation to help combat some of
the identified issues.

Are you sure??
That reads very much like their last years work.

I assume you mean this paper:
https://papers.mathyvanhoef.com/ccs2017.pdf
from the same people.
"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
KRACK for short ;)

Caused me some headaches yesterday at work ...

CU, Ricsi

--- GoldED+/LNX
* Origin: Sharp thinking is handy more often than sharp shooting. (21:1/104)

On 10/17/17, Richard Menedetter pondered and said...

Are you sure??

No I'm not.

That reads very much like their last years work.

I assume you mean this paper:
https://papers.mathyvanhoef.com/ccs2017.pdf
from the same people.
"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
KRACK for short ;)

Thanks, will have a read :)

Best, Paul

--- Mystic BBS v1.12 A35 (Windows/32)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

I assume you mean this paper:
https://papers.mathyvanhoef.com/ccs2017.pdf
from the same people.
"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
KRACK for short ;)

Yes. That's the one.

Caused me some headaches yesterday at work ...

It will continute to do so for a while ...



-joho

---
* Origin: Stockholm | Sweden (21:3/101)

Hi Joaquim!

18 Oct 2017 01:22, from Joaquim Homrighausen -> Richard Menedetter:

I assume you mean this paper:
https://papers.mathyvanhoef.com/ccs2017.pdf
from the same people.
"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2"
KRACK for short ;)

Yes. That's the one.

I know ;))

Caused me some headaches yesterday at work ...

It will continute to do so for a while ...

We are reselling different WLAN enabled devices.
Before the details have been revealed it was not clear if it is an AP issue or a client issue.

After the details got public, I can relax a bit, as currently the APs seem OK. I have one WiFi Mesh solution that needs patching (it has implemented 802.11r and is vulnerable)

Vendor feedback was generally along the lines:
"We are not affected as we do not offer client functionality. Detailed review of the information will be done in the next time."

CU, Ricsi

--- GoldED+/LNX
* Origin: The price of greatness is responsibility. (21:1/104)

On 10/18/17, Richard Menedetter pondered and said...

Vendor feedback was generally along the lines:
"We are not affected as we do not offer client functionality. Detailed review of the information will be done in the next time."

Gee that sounds like 'all care and no responsibility'

Best, Paul

--- Mystic BBS v1.12 A35 (Windows/32)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

Hi Avon!

20 Oct 2017 19:16, from Avon -> Richard Menedetter:

Vendor feedback was generally along the lines:
"We are not affected as we do not offer client functionality.
Detailed review of the information will be done in the next
time."

Gee that sounds like 'all care and no responsibility'

Sorry ... I have some problems grasping the exact meaning.

But I received some multiple page advisories from some companies now, and they agree that access points are only affected if they support 802.11r, which few do.
Currently "my" only affected device is a WiFi Mesh system.

It looks much worse on mobile handsets (but those are done by another team)

CU, Ricsi

--- GoldED+/LNX
* Origin: If you can't make it work, make a statistic of it. (21:1/104)