Jadagul wrote: Sandy wrote: ↑17 Oct 2017, 02:07
Jadagul wrote:I'm really confused about why MS was able to get a patch out already, and Google is expecting to take most of a month.
Because it's a flaw in the spec, not the implementation, and MS is historically extremely OK rolling out implementations that don't conform to the spec.
So what, MS rolled out a fix that breaks the spec, and google etc are taking longer because they want fixes that conform to the spec?
Pretty much. Microsoft is light years better than they were in the "Embrace, Extend, Extinguish" 90s, but they are less enthusiastic about standards than the other players, with the occasional exception of Apple.
The other question is how well they tested the fix against router implementations. It may be they all use a couple of different chipsets and once you confirm it still works with them and defeats the attack, you're golden. But I don't know much about that or where the implementation is coded on the router side.
Another unknown is, when the standard is updated, whether it breaks MS's implementation...or whether they adopt MS's fix, or whether MS will be out of spec but still compatible in practice...and whether that will affect anything later.
Of course, this may just be the death knell for WPA2 like WEP before it, so there won't be any more spec revisions past a quick fix for this.
It's possible all my concerns are moot. MS is much more amenable these days, and I'm definitely not saying what they did was wrong, practically speaking. They just have that tendency left over from the bad old days.
Hindu is the cricket of religions. You can observe it for years, you can have enthusiasts try to explain it to you, and it's still baffling. - Warren