[Librecmc-users] [Fwd: [SECURITY] [DSA 4430-1] wpa security update]

Robert Call bob at librecmc.org
Fri Apr 12 04:32:45 EDT 2019


On Thu, 2019-04-11 at 20:41 -0400, Robert Call wrote:
> On Thu, 2019-04-11 at 09:56 -0800, Christopher Howard wrote:
> > Hi, I was just wondering if any of this could be a concern for my
> > librecmc systems, using WPA2 authentication.
> > 
> ...
> 
> > https://security-tracker.debian.org/tracker/wpa
> 
> The short answer is, no. The libreCMC project does not support "WPA3-
> Personal" because it is not ready yet and many devices don't support
> it.
> 
> In libreCMC v1.4.x :
> 
> * EAP-PWD[1] is not enabled in the default build configuration and is
> not exposed in buildroot.
>   
> * SAE[2] authentication is limited to mesh networks (802.11s / wpad-
> mini) and is disabled by default.
> 

I made a mistake : 

* SAE[2] authentication is limited to mesh networks (802.11s / wpad-
mesh) and is disabled by default.

> TLDR; The issues laid out in the "Dragon Blood" paper are not
> applicable to *most* libreCMC users.
> 
> 
> [1] EAP-pwd missing commit validation :
> https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
> 
> [2] SAE confirm missing state validation : 
> https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
> 
> 

--
Robert Call (Bob)
bob at librecmc.org
https://librecmc.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.librecmc.org/pipermail/librecmc-users/attachments/20190412/0e376ed9/attachment.sig>


More information about the Librecmc-users mailing list