unfortunately this is not true. By sitting in the middle of a WiFi connection (as KRACK lets an attacker do) he/she can run an SSL decryption process that will unencrypt and then re-encrypt all data you send and recieve. So in effect you encrypt data, send it to the attacker - who decrypts it. The attacker then re-encrypts the data nad sends it to the original website you were trying to get to.
The fix for this is something called certificate pinning that will ensure that the data is not decryped and re-encrypted in transit. However, sites such as Wells Farg, Chase, Bank or America and DO NOT use cetificate pinning and therefore your data can be read.
... View more