Originally Posted by
app_Developer It's a cat and mouse game. There are actually no omniscient people in cryptography or standards development or architecture or software development. I see some people on linkedin this week with amazing powers of hindsight and a lot of chest-thumping, but in reality we all know even the biggest experts make mistakes. It's a complicated field with serious firepower on the other side. If you have 1,000 developers on your team, somebody is making a bug right this second.
These KRACK attacks are pretty hard to do in practice. So I don't think the sky is falling. In our own labs we've been testing this and those guys are telling me that in the WPA_supplicant 2.4 case (the most serious case according to the media), the device loses the connection to the actual router when the key is reset. So it then tries to reconnect and you can keep repeating the attack, but you have to get the timing exactly right to get anything of real value from the user.
In the WPA_supplicant 2.6 case they found what I consider to be a much more serious issue, which is that you can silently alter packets. And you can do that forever.
The media is focusing on the 2.4 case because it sounds dramatic (ZOMG the key goes to all zeros!), but I actually think the flaw in Nougat and Oreo is worse in real life. The 2.4 all-zero PSK case fails hard, but it fails fast.
But again, it's going to be really hard for a bad guy to do anything really harmful at any kind of scale with this, IMO. It's a serious flaw, and it should be fixed, and it's not purely theoretical, but it's not like people are out there reading everyone's WiFi traffic around the world today. It's not that easy to exploit this.