View previous topic :: View next topic |
Author |
Message |
teika Apprentice
Joined: 19 Feb 2011 Posts: 155 Location: YYYY-MM-DD, period. Have you ever used the Internet?
|
Posted: Thu Apr 18, 2019 12:39 pm Post subject: [Solved] Summary for wpa_supplicant vln'ty ("Dragonbloo |
|
|
I know wpa is found to be insecure, and it's named "Dragonblood". See e.g. Wikipedia and Debian security advisory 4430.
But it's too complicated for me. Any nice summary available? Currently I only use wpa2, but what should I do, if any?
Regards. _________________ Hack of easy Shift / Ctrl / AltGr etc; save your pinkies, type without drudgery: topic 865313
XPAT - Xi, Putin, Abe and Trump - are security holes of their own nations.
Last edited by teika on Thu Apr 25, 2019 12:00 am; edited 2 times in total |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54096 Location: 56N 3W
|
Posted: Sun Apr 21, 2019 11:24 am Post subject: |
|
|
teika,
It depends how paranoid you are.
Answers vary from nothing to upgrade to testing wpa_supplicant to running ssh tunnels over your wifi.
What does it all mean?
An attacker that can gain access to your wifi can steal your bandwidth and sniff your traffic.
sniffing https, or other encrypted traffic, is not useful as its end to end encrypted. Any unencrypted packets can be sniffed.
Do you care about anyone steeling your bandwidth?
Personally, I don't. My WiFi is on a physically separate LAN to my secure wired network, so anyone breaking into my WiFi, just gets wifi access. They cannot sniff wired traffic.
Indeed every now and again I run my wifi without any encryption at all and check for people trying mesh networking.
All I've ever seen is connections from mobile devices on buses waiting for the traffic lights.
Wifi is inherently insecure, this is the latest problem to be published, there will be more.
The problems you need to worry about are those known but not yet published. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20053
|
Posted: Sun Apr 21, 2019 9:50 pm Post subject: |
|
|
The source has some easy to read info: https://wpa3.mathyvanhoef.com/
Excerpts:
- we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.
- All attacks are against home networks (i.e. WPA3-Personal), where one password is shared among all users.
- the recent discoveries concerning the EAP-pwd protocol are not discussed in this paper.
- We found that an adversary can create a rogue network and force clients that support WPA3 into connecting using WPA2. The captured partial WPA2 handshake can be used to recover the password of the network (using brute-force or dictionary attacks). No man-in-the-middle position is required to perform this attack.
So it might be a good idea to read up on various WPA3 supporting devices to decide which one will be a suitable upgrade from WPA2. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
teika Apprentice
Joined: 19 Feb 2011 Posts: 155 Location: YYYY-MM-DD, period. Have you ever used the Internet?
|
Posted: Wed Apr 24, 2019 5:56 am Post subject: |
|
|
@NeddySeagoon
Wow. Your answer is a really nice summary. Sorry, no, excellent. Thanks a lot.
Yep, you can limit the access to your personal AP to your own devices. It's all so simple. :) And I'm not a degital-public-health scientist.
In fact, your answer is not at all a summary of dragonblood itself, but a practical, "succinct chat". (Rant: Unfortunately many Gentoo wiki articles are written by those who don't understand readability and the range of readers. They simply load facts in unorganized manners, and seem to think "Nothing incorrect here, done!" Sigh.)
@pjp: Thanks a lot. The combination of a tiny, short summary and the pointer to an authoritative site is ideal. Now Gentoo users can easily understand the situation. The entire commuinity profits by your comment!
Best regards. _________________ Hack of easy Shift / Ctrl / AltGr etc; save your pinkies, type without drudgery: topic 865313
XPAT - Xi, Putin, Abe and Trump - are security holes of their own nations. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|