For years, WPA2 was considered secure as long as the password was strong. KRACK (Key Reinstallation Attack) shattered this assumption by proving that the handshake itself could be manipulated to reuse encryption keys.
In the WPA2 4-way handshake, the client and AP agree on a session key. KRACK works by intercepting and replaying 'Message 3' of the handshake. This tricks the client into reinstalling the same session key and resetting the nonce (number used once) to zero.
Encryption algorithms like AES-GCM fail catastrophically if the same nonce is used twice with the same key. This is known as 'Nonce Reuse'.
In the trace above, the repetition of Message 3 is the 'smoking gun.' The client, thinking the first Message 3 was lost, accepts the second one and resets its packet counter.
Unlike a dictionary attack, KRACK does not recover the Wi-Fi password. Instead, it allows the attacker to decrypt data and potentially inject packets into the session.
# Conceptual vulnerability: Nonce reset
key = "session_key_123"
nonce = 0
# Packet 1: Encrypted with (key, nonce=0)
# Packet 2: Encrypted with (key, nonce=1)
# KRACK forces nonce back to 0
# Packet 3: Encrypted with (key, nonce=0) <--- Now we have a collision!| Feature | Dictionary Attack | KRACK Attack |
|---|---|---|
| Target | Password (PSK) | Session Nonce |
| Requirement | Captured Handshake | Active MitM |
| Outcome | Full Network Access | Session Decryption |
| Fix | Complex Passwords | Client-side Patching |
The fix for KRACK was implemented at the OS and driver level. Modern devices now ensure that a key is never reinstalled if it has already been used for the current session.
The most dangerous aspect of KRACK was that the vulnerability existed on the client side, meaning the AP could be perfectly secure while the connected laptops were vulnerable.
Verify exercises to earn โ 240 XP and unlock next lab level.