So, question: My operating systems have all been patched (Windows 7SP1, 8 and 10). Does that mean that my PCs are safe to use normally, or am I still vulnerable because of the router?
If your PC is patched and your router is still vulnerable to this attack then it depends on which device initiates the handshake.
One direction of your data stream can be decrypted (decrypted in terms of WPA2). If you are still encrypting your information with TLS (https) then you are completely safe.
The KRACK attack puts you in a situation comparable with a free wifi hotspot in a public place.
If your PC is clean and you are communicating via https (valid signatures from website provider) you are safe.
Thanks for the info. If I understand correctly, anything sent over https is safe from this attack. So, that should cover all my bases -- my banking sites, email, crypto exchanges, charting sites and Bitcointalk are all sent over an https connection.
If you live in that densely populated area then you will want to use a VPN to connect to any website you need to login to if you are using WiFi.
The primary risk to crypto users is MITM attacks when depositing crypto (and to a lesser extent withdrawing crypto- many businesses use certain precautions that make these attacks more difficult). Assuming you aren’t using a web wallet, your private keys are safe and any transaction you sign can’t be changed (although you can be tricked into sending to an incorrect address), and unconfirmed transactions are no longer safe to accept due to the fee market, and faking a block would be very expensive and would not be guaranteed to work.
You would recommend using a VPN to log into websites, even if our OS is patched and sent over https? Getting conflicting messages in this thread. Also, just to confirm, there's no way this attack can expose the private keys in our desktop wallet, right? Because nothing would be sent over Wi-fi except the signed transaction. I think...
