The reason I reacted the way I did is that I’ve been working on home network security in the IETF…
Ted Lemon

Again, a very well-reasoned reply, thank you. While I agree with some of what you wrote, we clearly differ on one key notion: where the attack will occur and why. By what you’ve written here, it’s clear that you think I’m suggesting that the hack will occur on some random schnook’s home router:

“Yes, you can crack WPA2 with KRACK. Yes, if you do, you can compromise the security of a local link, and all of the vulnerable devices on that link will be easy to attack. But what are the chances that someone’s going to attack your link?”

Only, that’s not what I believe: rather, I believe that no one can accurately predict where the exploit can or will happen. Therefore, the public’s only option is to update all of our WiFi-enabled devices with the patches that address the KRACK exploit and/or use a VPN to ensure end-to-end encryption of our data. For you or me to suggest otherwise is dangerous.

We all leave the house and expose ourselves to any number of public, free WiFi networks during the day — including those that may or may not be safe. Additionally, you most likely know how easy it is for someone with malicious intent to spoof a WiFi portal in a public place. There’s nothing stopping someone from doing exactly the same in a private residence or business.

I can’t be assured that every private WiFi portal I log into is safe and neither can you. Even if you had all of the tools to do so, the general public does not. This means, essentially, that best practices must be followed no matter where folks log on.