On Friday, October 20, 2017 12:35:34 AM tv.deb...@googlemail.com wrote: > I sent that a day ago, but for some reason it didn't make it to the list:
Why do you think it didn't make it to the list? I received it on Wednesday, with the same quote listed below--here are the headers: <quote> Re: [OT] Breaking WPA2 by forcing nonce reuse From: "tv.deb...@googlemail.com" <tv.deb...@googlemail.com> (resent from debian-user@lists.debian.org) To: debian-user@lists.debian.org Date: Wed Oct 18 13:04:04 2017 </quote> I suspect that, like for many email users / clients, some combination of the ISP, your email client, and the maillist headers keep you from seeing your own posts. The following quote was in the Wednesday post: > > Quote: > > > > "an optional AP-side > > workaround was introduced in hostapd to complicate these attacks, > > slowing them down. Please note that this does not fully protect you from > > them, especially when running older versions of wpa_supplicant > > vulnerable to CVE-2017-13086, which the workaround does not address. As > > this workaround can cause interoperability issues and reduced robustness > > of key negotiation, this workaround is disabled by default." > > > > Option in hostapd.sh [1] is: > > > > wpa_disable_eapol_key_retries > > > > > > [1] > > https://git.lede-project.org/?p=source.git;a=commitdiff;h=d501786ff25684 > > 208d22b7c93ce60c194327c771 > > > > [2] https://downloads.lede-project.org/releases/17.01.4/targets/ > > So it is part of Latest LEDE release, but I am not aware of other distro > using this workaround. It comes with a few potential problems, so must > be thoroughly tested before being deployed, and it likely breaks > standards which is never good.
