<Ansuel>
After an initial successful authentication to an OpenWrt AP, a WPA3 client can reconnect to the AP with any random password provided MAC address remains the same. A malicious network observer could just read MAC and use it to gain access to network bypassing authentication.
<Ansuel>
for some reason the algo goes from sae to open after first auth?
<russell-->
networks should be open anyway, /me approves
<ynezz>
bloatware, use cables, luke
<nbd>
Ansuel: wow, that's really weird
<jow>
pff cables, carry the disk over to the other room
<nbd>
though i'm somewhat skeptical about the report
<nbd>
because in the wrong-password case, it says WPA: pairwise key handshake completed (RSN)
<Ansuel>
nbd i bet it's something in mixed wpa2 and wpa3 or the algo getting wiped somewhere in the codeflow? If it's true it's a massive security hole
<nbd>
i don't see how a RSN handshake could complete with the wrong password and allow data transfer
<Ansuel>
the guy provided repro config tho so it should be "easy" to repro?
quinq has quit [Ping timeout: 480 seconds]
<nbd>
i wonder if his client somehow caches the old credentials and tries them via SAE
<nbd>
i mean not via SAE
<nbd>
but PSK
<jow>
Ansuel: wrt. that ticket... extraordinary claims require extraordinary evidence
quinq has joined #openwrt-devel
<Ansuel>
it's very strange, the repro steps look too easy to be true. He claimed the wpa3 is broken like it's just a marginal bug LOL
<jow>
with zero evidence to back up, except a few log lines from hostapd
<rsalvaterra>
Holy crap, just read the bug report now.
<jow>
at the very least I would've expected pcaps, client side wpa_supplicant logs etc.
<Ansuel>
Should I test it... the thing looks basic enough...
<jow>
how was the client disconnected?
<jow>
sta kicked, client side triggered?
<nbd>
Ansuel: sure, would be good to have another data point
<jow>
how was the password changed and the reconnect performed?
<nbd>
i just asked for clarification in the ticket
<jow>
what was the client in the first place? linux/wpa_supp, android, ios, windows, ...
<Ansuel>
QCA9563 ath10k i guess
<jow>
the client mac looks random, which hints at a mobile client
<robimarko>
Ansuel: BTW, I see you merged ipq60xx
<robimarko>
:)
<Ansuel>
robimarko yep but I need to check if some patch can be upstreamed, for the basic support it's good (still no wifi tho)
<robimarko>
Ansuel: Yeah, I plan to restart working on it
<Ansuel>
jow nbd this is the confusing part... Connect to AP with any random password ensuring MAC address remains the same
<robimarko>
Mantas did upstream most of the patches he added
<Ansuel>
is another device used?
<Ansuel>
i mean i can use the samsung "privacy" feature that randomizes mac on public wifi
<robimarko>
Every phone has that
<Ansuel>
nha that doesn't make sense... he says mac is the same
<jow>
tbh it reads like one of those "port forwards are broken" reports
<Ansuel>
with a simple test following his steps the phone correctly asks me the password again
<Ansuel>
OpenWrt One is a good thing and people are already creating drama out of nothing o.o
<jow>
yes, the punishment of voluntarily doing something
<jow>
"you're producing e-waste"
<jow>
"you're killing openwrt"
<robimarko>
No good deed goes unpunished
<jow>
"you suck and your idea is crap, go die"
<jow>
"fuck you and fix your damn software instead"
<jow>
makes one really enthusiastic about our community :)
<robimarko>
I learned the hard way not to look for encouragement or thanks in the largest part of the community
<jow>
yep
<robimarko>
They somehow keep forgetting that nobody has an obligation to work on stuff they need
<Ansuel>
the fun thing is that in the meeting we just talked about a new minor release and we were planning in the next 2 weeks if everything was right LIKE GOD DAMN >:(
Borromini has joined #openwrt-devel
<jow>
even funnier is that the last maintenance release was twelve (!) weeks ago
<jow>
with christmas holidays in between
<Ansuel>
In all of this, one thing is "good". It seems people are curious about it and the project was noticed.
<Ansuel>
robimarko sorry didn't notice your pr :(
<f00b4r0>
nbd: hi, dunno if you saw my mt7915 crashdump? The device is still running but eventually will have to be rebooted as wifi is unusable
<jow>
robimarko: oh, there's no obligation? all those wasted years! ;)
<f00b4r0>
heh :)
<nbd>
f00b4r0: i've seen it, thanks. just didn't get around to analyzing it properly yet
<f00b4r0>
nbd: no worries, do you think you'll need more data from the device or can I reboot it?
<nbd>
one thing i suspect is that there is an issue with too much broadcast traffic potentially overflowing hw queues
<nbd>
so i'm planning on attempting to add AQL for broadcast packets in mac80211 soon
<nbd>
just need to find the time for it
<Ansuel>
that might also benefit ath
<robimarko>
Ansuel: No worries, I just made it like 10 minutes ago
<nbd>
Ansuel: definitely
<nbd>
that's why i decided to not try to deal with this in mt76 but move the solution to mac80211