Key reinstallation attacks vulnerability

All ESP8266 boards running MicroPython.
Official boards are the Adafruit Huzzah and Feather boards.
Target audience: MicroPython users with an ESP8266 board.
Post Reply
Pio
Posts: 1
Joined: Mon May 02, 2016 10:03 pm

Key reinstallation attacks vulnerability

Post by Pio » Wed Oct 25, 2017 5:24 pm

Hi,

Is the current version of Micropython firmware for ESP8266 vulnerable to key reinstallation attacks (KRACK)? I noticed that espressif have released an update for some sdks on github.

Joe

jcea
Posts: 27
Joined: Fri Mar 18, 2016 5:28 pm

Re: Key reinstallation attacks vulnerability

Post by jcea » Fri Nov 03, 2017 12:47 pm

I have the same question. Is Micropython 1.9.3 release safe?.

pfalcon
Posts: 1155
Joined: Fri Feb 28, 2014 2:05 pm

Re: Key reinstallation attacks vulnerability

Post by pfalcon » Sat Nov 04, 2017 11:43 pm

Alpha patches for building MicroPython with SDK version which vendor marked as resolving the key reinstallation vulnerability is available: https://github.com/micropython/micropyt ... -341937988 .
Awesome MicroPython list
Pycopy - A better MicroPython https://github.com/pfalcon/micropython
MicroPython standard library for all ports and forks - https://github.com/pfalcon/micropython-lib
More up to date docs - http://pycopy.readthedocs.io/

Post Reply