Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revisionBoth sides next revision
releases:17.01:notes-17.01.4 [2017/10/20 00:00] – Make KRACK attack info more definitive richb-hanoverreleases:17.01:notes-17.01.4 [2018/02/17 16:18] – ↷ Links adapted because of a move operation
Line 38: Line 38:
 While the LEDE 17.01.4 release includes fixes for the [[https://www.krackattacks.com/|KRACK bugs in the WPA Protocol disclosed earlier this week]] in the router firmware, these fixes do not fix the problem on the client-side.  While the LEDE 17.01.4 release includes fixes for the [[https://www.krackattacks.com/|KRACK bugs in the WPA Protocol disclosed earlier this week]] in the router firmware, these fixes do not fix the problem on the client-side. 
 **You still need to update all your client devices - computers, phones, tablets, cameras, refrigerators, thermostats, light bulbs, and any other device using Wi-Fi.**  **You still need to update all your client devices - computers, phones, tablets, cameras, refrigerators, thermostats, light bulbs, and any other device using Wi-Fi.** 
-Since some client devices might never receive an update, //hostapd// contains an [[docs:user-guide:wifi_configuration#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] to complicate these attacks, slowing them down. Please note that this does not fully protect you from them, especially when running older versions of //wpa_supplicant// vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default.+Since some client devices might never receive an update, //hostapd// contains an [[docs:user-guide:wifi:start#wpa_key_reinstallation_attack_workaround|optional AP-side workaround]] to complicate these attacks, slowing them down. Please note that this does not fully protect you from them, especially when running older versions of //wpa_supplicant// vulnerable to CVE-2017-13086, which the workaround does not address. As this workaround can cause interoperability issues and reduced robustness of key negotiation, this workaround is disabled by default.
  
 Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE. Due to the version bump of toolchain/gdb to 8.0.1, at least GCC 4.8 is now required to build LEDE.
  • Last modified: 2018/03/03 20:20
  • by 192.0.170.247