Status of a KRACK patch?

retry
DD-WRT Novice


Joined: 05 Mar 2017
Posts: 15

Posted: Mon Oct 16, 2017 15:20    Post subject: Status of a KRACK patch?
So this happened:
https://www.krackattacks.com/

And I'm anxious to patch my routers. Debian has already patched WPA. When can we expect a patch for DDWRT?
IvanI
DD-WRT Novice


Joined: 13 Feb 2012
Posts: 18

Posted: Mon Oct 16, 2017 16:03
http://svn.dd-wrt.com/changeset/33525

^

Wait for the next build.
retry
DD-WRT Novice


Joined: 05 Mar 2017
Posts: 15

Posted: Mon Oct 16, 2017 16:08
Thanks!
jasonkruys
DD-WRT User


Joined: 13 Dec 2013
Posts: 90

Posted: Mon Oct 16, 2017 20:25
Kong appears to be uploading his *525 builds now..
bdg2
DD-WRT User


Joined: 18 Apr 2013
Posts: 318

Posted: Wed Oct 18, 2017 2:16    Post subject: Re: Status of a KRACK patch?
retry wrote:
So this happened:
https://www.krackattacks.com/

And I'm anxious to patch my routers. Debian has already patched WPA. When can we expect a patch for DDWRT?


It's only WiFi clients that need patching, so unless you set dd-wrt up as a repeater or similar it doesn't matter.
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7374
Location: YWG, Canada

Posted: Wed Oct 18, 2017 2:34
It's already fixed with Apple, but good luck to Android.. them and their several months or years or never, for fragmented updates etc. What a huge mess that poor platform is.
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 75

Posted: Wed Oct 18, 2017 18:34
hello all,
since the hack is working based on the 4-way handshake, do you think patching one leg of the connection (i.e.: patching only the router and not clients - for example Android devices) is protecting the whole network or not?

I also have a problem with an old surveillance cam that is never going to receive an update on this topic..

_________________
--
Netgear WNDR3700 v.2 - 26081
Tp-Link TL-WR841N v.9.2- 25934
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Wed Oct 18, 2017 19:26
Pattagghiu wrote:
hello all,
since the hack is working based on the 4-way handshake, do you think patching one leg of the connection (i.e.: patching only the router and not clients - for example Android devices) is protecting the whole network or not?

I also have a problem with an old surveillance cam that is never going to receive an update on this topic..


There will be an option in the webif in the next build that allows setting a flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
retry
DD-WRT Novice


Joined: 05 Mar 2017
Posts: 15

Posted: Wed Oct 18, 2017 22:55    Post subject: Re: Status of a KRACK patch?
bdg2 wrote:

It's only WiFi clients that need patching, so unless you set dd-wrt up as a repeater or similar it doesn't matter.


Well I happen to use one router as a WDS station, so yes exactly.
retry
DD-WRT Novice


Joined: 05 Mar 2017
Posts: 15

Posted: Wed Oct 18, 2017 22:57
Pattagghiu wrote:
hello all,
since the hack is working based on the 4-way handshake, do you think patching one leg of the connection (i.e.: patching only the router and not clients - for example Android devices) is protecting the whole network or not?

I also have a problem with an old surveillance cam that is never going to receive an update on this topic..


I can't do a thing for your cam, but LineageOS is keeping my Nexus 5 shiny and new. I just installed this week's build which patched wpa_supplicant. If your phone is supported, I highly encourage using it (just like I encourage using dd-wrt on residential routers).
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 75

Posted: Thu Oct 19, 2017 5:49
<Kong> wrote:
There will be an option in the webif in the next build that allows setting a flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.


This sounds incredibly good!
btw this means that having the router "patched" is not protecting the network (unless this magic option is enabled :) )
thanks!

@retry: I've been using Cyano - Lineage for ages on my devices, not a problem :)
bigger problem is the Samsung I have to use for work :)

eddwrt
DD-WRT Novice


Joined: 24 Nov 2010
Posts: 14

Posted: Tue Oct 24, 2017 4:06
<Kong> wrote:

There will be an option in the webif in the next build that allows setting a flag that will fix that issue even if the client does not have a patch, but it can cause interoperability issues and therefore is off by default.


This is an amazing option which will help with the vast reality of a lot of the clients which will never be updated.

Do we know which build this will be in?
I've tried 33555 and I don't see anything - but I'm not sure I know what to look for.

EDIT: Here is the setting: Disable EAPOL Key Retries
Info: https://www.dd-wrt.com/wiki/index.php/QCA_wireless_settings#Disable_EAPOL_Key_Retries
Unfortunately currently it seems to be Qualcomm Atheros based only.

Funny how this issue is causing me to finally give in to updating my super stable DD-WRT setups :P