Before we answer that question, let’s do some quick high-level Crypto 101. The Advanced Encryption Standard (AES) has been around for over a decade. It’s a symmetric-key cipher, which means the same key is used for both encryption and decryption. While AES traditionally functions as a block cipher that encrypts 128-bit chunks of plain text at a time, it can also be used as a stream cipher—which is how it is implemented in WPA2. Now, the thing with stream ciphers is that reusing a nonce-key pair can result in the complete decryption of traffic. A nonce should never be used with the same key twice. In the WPA2 standard, a nonce is basically a packet counter. Essentially:
generate( 0, key )    → first part of keystream
generate( 1, key )    → second part of keystream
generate( 2, key )    → third part of keystream
...
generate( 2^48, key ) → last part of keystream
Once the counter reaches its maximum allowed value (2^48), a new key is generated and the counter is reset to 0. Since the cipher is rekeyed whenever the counter is reset to 0 (hint, hint), it follows that the same nonce-key pair will never be reused. So what’s the problem?
Enter the key reinstallation attack, or KRACK.
The KRACK vulnerability allows an active adversary to interfere in the conversation between a client and the Wi-Fi access point, forcing the client to reinstall a key that was previously used. When this occurs, the counter is also reset to 0, leading to the reuse of nonce-key pairs. The keystream that follows is identical to the earlier keystream, since the same nonces (i.e., counter values) are now being used with the exact same key as before. Once this keystream is reused, the adversary can (with little effort) decrypt traffic, revealing credit card numbers, passwords, and more.
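The counter/rekey model above, and what a key reinstallation does to it, as an added toy example written for this page (not code from the original article, from WPA2, or from any Wi-Fi stack). It assumes a stand-in keystream generator, HMAC-SHA256 over the packet counter, in place of AES-CTR; the one property the argument needs, that the same (counter, key) pair always yields the same keystream, holds for both. The `Sender` class models the encrypting side: the unpatched variant resets the counter on every key install, the patched variant ignores a reinstall of the key that is already in use, which is the defensive behaviour that keeps the counter from ever being reset under an unchanged key. Both the reinstall scenario and the rekey-on-exhaustion case from the text are exercised, and all packet contents are constructed samples.

```python
"""Toy model of WPA2-style nonce handling: keystream = PRF(key, packet counter)."""
from __future__ import annotations

import hashlib
import hmac
import os

KEYSTREAM_BYTES = 32    # one PRF output per counter value (SHA-256 digest size)
COUNTER_MAX = 2 ** 48   # counter limit stated in the text; rekey once reached


def generate(counter: int, key: bytes) -> bytes:
    """One keystream block for (counter, key).

    Stand-in PRF (assumption for this example): HMAC-SHA256(key, counter).
    AES-CTR would compute AES_key(nonce || counter) instead; the property that
    matters here, same (counter, key) -> same keystream, is identical.
    """
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """Encrypting side of the link: holds the installed key and the packet counter."""

    def __init__(self, key: bytes, patched: bool):
        self.key = b""
        self.counter = 0
        self.patched = patched   # True: never reset the counter for an unchanged key
        self.install_key(key)

    def install_key(self, key: bytes) -> None:
        # Patched behaviour: (re)installing the key already in use is a no-op,
        # so the counter keeps increasing and no (counter, key) pair repeats.
        if self.patched and key == self.key:
            return
        # Unpatched behaviour (and any genuine rekey): install and reset to 0.
        self.key = key
        self.counter = 0

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        """Return (counter used, ciphertext); rekeys when the counter is exhausted."""
        assert len(plaintext) <= KEYSTREAM_BYTES, "toy model: one block per packet"
        if self.counter >= COUNTER_MAX:
            self.install_key(os.urandom(32))   # fresh key, counter back to 0
        n = self.counter
        self.counter += 1
        return n, xor(plaintext, generate(n, self.key))


# Constructed sample traffic for the demonstration (not real captures).
PACKET_1 = b"GET /account HTTP/1.1 id=alice"
PACKET_2 = b"POST /pay card=4111111111111111"


def reinstall_scenario(patched: bool, key: bytes = b"\x11" * 32) -> dict:
    """Send one packet, have the same key reinstalled, send another.

    Reports whether the counter value repeated and whether the XOR of the two
    ciphertexts equals the XOR of the two plaintexts, i.e. whether the keystream
    cancelled out. That cancellation is what turns one known packet into a
    decryption of the other.
    """
    s = Sender(key, patched)
    n1, c1 = s.encrypt(PACKET_1)
    s.install_key(key)           # the reinstallation of an already-used key
    n2, c2 = s.encrypt(PACKET_2)
    keystream_reused = xor(c1, c2) == xor(PACKET_1, PACKET_2)
    return {"counters": (n1, n2),
            "counter_reused": n1 == n2,
            "keystream_reused": keystream_reused}


def exhaustion_rekeys(key: bytes = b"\x22" * 32) -> bool:
    """Once the counter reaches COUNTER_MAX, the next packet goes out under a new key at 0."""
    s = Sender(key, patched=True)
    s.counter = COUNTER_MAX      # jump ahead instead of sending 2^48 packets
    n, _ = s.encrypt(b"x")
    return n == 0 and s.key != key


if __name__ == "__main__":
    print("unpatched:", reinstall_scenario(patched=False))
    print("patched:  ", reinstall_scenario(patched=True))
    print("rekey on exhaustion:", exhaustion_rekeys())
```

Running it shows the unpatched sender using counter 0 twice under the same key, so the two ciphertexts XOR to the two plaintexts XORed; the patched sender continues at counter 1 after the reinstall and the keystreams no longer cancel. The rekey-on-exhaustion case confirms that a counter reset is harmless exactly when it comes with a new key, which is the assumption KRACK breaks.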