Unofficial OpenBSD Announce is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Unofficial OpenBSD Announce @openbsd@mastodon.social

@Thib @wxcafe Yes the problem in a nutshell is that replayed key messages caused nonces to be reset (as it happens when a new key gets installed).

This means parts of the keystream will be reused, and that allows for further attacks on the crypto.

As 's de-facto wifi maintainer, I first learned about this WPA problem in June. A simple patch was provided which I could commit with slight modifications.

The original embargo was already 2 months long, and then extended again for 2 months.

The generall public (you) were left in the dark about this for at least 4 months.

This is a very sad state of affairs. It takes the industry much too long to apply a simple patch.

looks like fixed the attack in 6.1 Errata 027. This is also fixed in 6.2-release.

The signify keys for the upcoming 6.2 release:

base: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
fw: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
pkg: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI

The signify keys for the upcoming 6.2 release:

base: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
fw: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
pkg: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI