KRACK protection - is it recommended?

Hey, after seeing up my openwrt AP I noticed that KRACK protection is disabled by default (okay, so is encryption...) so I world like to know some opinions. Does is make sense - are the negative side effects noticeable?

Thx in advance!

Enabling it is recommended, but you need to be aware that not all clients necessarily like this setting (it reduces interoperability chances in edge cases, usually with most devices it's fine though). It's a tradeoff between increasing security and supporting strange/ picky devices.

Be aware that KRACK is a client side vulnerability, if all of your clients run fixed driver versions (sadly unlikely), the AP side mitigation attempts are not necessary.

4 Likes

If I understand correctly, the (KRACK) countermeasure should be enabled on WPA2 and also sae-mixed SSIDs right?

Yes.

(One would hope that drivers/ operating systems supporting WPA3 have KRACK fixed as well, especially as 802.11w is a mandatory feature for WPA3 - but pure WPA3 networks are sadly quite a while away for most of us).

1 Like