Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] Summary for wpa_supplicant vln'ty ("Dragonblood") ?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
teika
Apprentice
Apprentice


Joined: 19 Feb 2011
Posts: 155
Location: YYYY-MM-DD, period. Have you ever used the Internet?

PostPosted: Thu Apr 18, 2019 12:39 pm    Post subject: [Solved] Summary for wpa_supplicant vln'ty ("Dragonbloo Reply with quote

I know wpa is found to be insecure, and it's named "Dragonblood". See e.g. Wikipedia and Debian security advisory 4430.

But it's too complicated for me. Any nice summary available? Currently I only use wpa2, but what should I do, if any?

Regards.
_________________
Hack of easy Shift / Ctrl / AltGr etc; save your pinkies, type without drudgery: topic 865313

XPAT - Xi, Putin, Abe and Trump - are security holes of their own nations.


Last edited by teika on Thu Apr 25, 2019 12:00 am; edited 2 times in total
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54096
Location: 56N 3W

PostPosted: Sun Apr 21, 2019 11:24 am    Post subject: Reply with quote

teika,

It depends how paranoid you are.
Answers vary from nothing to upgrade to testing wpa_supplicant to running ssh tunnels over your wifi.

What does it all mean?
An attacker that can gain access to your wifi can steal your bandwidth and sniff your traffic.
sniffing https, or other encrypted traffic, is not useful as its end to end encrypted. Any unencrypted packets can be sniffed.

Do you care about anyone steeling your bandwidth?
Personally, I don't. My WiFi is on a physically separate LAN to my secure wired network, so anyone breaking into my WiFi, just gets wifi access. They cannot sniff wired traffic.

Indeed every now and again I run my wifi without any encryption at all and check for people trying mesh networking.
All I've ever seen is connections from mobile devices on buses waiting for the traffic lights.

Wifi is inherently insecure, this is the latest problem to be published, there will be more.
The problems you need to worry about are those known but not yet published.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20053

PostPosted: Sun Apr 21, 2019 9:50 pm    Post subject: Reply with quote

The source has some easy to read info: https://wpa3.mathyvanhoef.com/

Excerpts:
- we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.
- All attacks are against home networks (i.e. WPA3-Personal), where one password is shared among all users.
- the recent discoveries concerning the EAP-pwd protocol are not discussed in this paper.
- We found that an adversary can create a rogue network and force clients that support WPA3 into connecting using WPA2. The captured partial WPA2 handshake can be used to recover the password of the network (using brute-force or dictionary attacks). No man-in-the-middle position is required to perform this attack.

So it might be a good idea to read up on various WPA3 supporting devices to decide which one will be a suitable upgrade from WPA2.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
teika
Apprentice
Apprentice


Joined: 19 Feb 2011
Posts: 155
Location: YYYY-MM-DD, period. Have you ever used the Internet?

PostPosted: Wed Apr 24, 2019 5:56 am    Post subject: Reply with quote

@NeddySeagoon

Wow. Your answer is a really nice summary. Sorry, no, excellent. Thanks a lot.
Yep, you can limit the access to your personal AP to your own devices. It's all so simple. :) And I'm not a degital-public-health scientist.

In fact, your answer is not at all a summary of dragonblood itself, but a practical, "succinct chat". (Rant: Unfortunately many Gentoo wiki articles are written by those who don't understand readability and the range of readers. They simply load facts in unorganized manners, and seem to think "Nothing incorrect here, done!" Sigh.)

@pjp: Thanks a lot. The combination of a tiny, short summary and the pointer to an authoritative site is ideal. Now Gentoo users can easily understand the situation. The entire commuinity profits by your comment!

Best regards.
_________________
Hack of easy Shift / Ctrl / AltGr etc; save your pinkies, type without drudgery: topic 865313

XPAT - Xi, Putin, Abe and Trump - are security holes of their own nations.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum