Page 1 of 1

Is ESP8266 SDK 2.1.0 affected by KRACK (WPA2 attack)?

Posted: Thu Oct 19, 2017 10:29 am
by jj2497
Hello,

Is ESP8266 SDK 2.1.0 affected by KRACK (WPA2 attack)? The attack will change WPA2 encryption key to null. I cannot find any clues because of binary library.

Thanks.

Re: Is ESP8266 SDK 2.1.0 affected by KRACK (WPA2 attack)?

Posted: Thu Oct 19, 2017 5:00 pm
by blubb

Re: Is ESP8266 SDK 2.1.0 affected by KRACK (WPA2 attack)?

Posted: Fri Oct 20, 2017 7:02 pm
by jj2497
Thank you!! I'll update those libraries.

Regards

Re: Is ESP8266 SDK 2.1.0 affected by KRACK (WPA2 attack)?

Posted: Sat Oct 21, 2017 3:58 pm
by jj2497
After tried this patch (new libraries), it seems to result in a side effect. I can see the abnormal messages periodically. I set ESP8266 to STATION mode only. It will reset the connection to AP periodically. If I revert back to SDK 2.1.0, it performs all right.

Code: Select all

bcn_timout,ap_probe_send_start
ap_probe_send over, rest wifi status to disassoc
state: 5 -> 0 (1)
rm 0
pm close 7
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 8
cnt

connected with ssid-xxxxx, channel 8
dhcp client start...

Re: Is ESP8266 SDK 2.1.0 affected by KRACK (WPA2 attack)?

Posted: Sun Oct 22, 2017 8:03 pm
by blubb
Under normal circumstances I'd say your WiFi disappeared for a short time (beacon timeout). This is what I see if I reboot my router.
Maybe Espressif lowered the timeout? I don't know. There are more commits since final 2.1.0:
https://github.com/espressif/ESP8266_NO ... its/master
Maybe you can try the last but one version or find out which was the first version with this problem?