WPA3 Protocol Announced

DooKey

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,551
WPA 3 has been announced and it brings some much needed improvements to WPA2. WPA2 has been around for a long time and its time is finally coming to an end thanks to the Wi-Fi Alliance. The primary improvement that should be of note is it will provide individualized data encryption in open networks and prevent others from being able to see what's passing through the network. Other nice improvements are on the way as well and you can see them in the official announcement.

Building on the widespread adoption and success of WPA2, Wi-Fi Alliance will also deliver a suite of features to simplify Wi-Fi security configuration for users and service providers, while enhancing Wi-Fi network security protections. Four new capabilities for personal and enterprise Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3™.
 
About time....

But correct me if I'm wrong, doesn't this sound not that encouraging to anyone else?

"Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial."

Doesn't basically every browser out there already use a 256 bit security suite? This seems like a step backwards from what is out there.
 
Might drive me to buy a new router, mine is like 10 years old but still works great (dir-655)
 
I honestly couldn't even tell you about WPA2 launching. Nothing was clear to me at that time what it was, or what the difference was between the options. I think I chose WEP around like 2000 because it was the only thing I had heard of. When you had to choose you had to pick from WEP or TKIP, it wasn't very clear or obvious that TKIP was better. That was still WPA, and I don't even know which device WPA2 slipped into first with the AES option.

EDIT: The best I can gather is that if you had an 802.11b device, you might have either bought it with WPA / TKIP enabled, it was updated at some point in software to support it, or it only ever supported WEP. If you had an 802.11g device, it likely supported WPA2 out of the box.
 
Last edited:
bman212121 said:
About time....

But correct me if I'm wrong, doesn't this sound not that encouraging to anyone else?

"Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial."

Doesn't basically every browser out there already use a 256 bit security suite? This seems like a step backwards from what is out there.
Click to expand...

CNSA encompasses a number of algorithms. Without knowing which one, and how it is being used, it's hard to say if 192-bit is a step back or not.

If it is as you assume, AES-192, it's still in theory safe vs. anything not a nation state level effort to crack.
 
bman212121 said:
About time....

But correct me if I'm wrong, doesn't this sound not that encouraging to anyone else?

"Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial."

Doesn't basically every browser out there already use a 256 bit security suite? This seems like a step backwards from what is out there.
Click to expand...

It has NSA in the name, so it has to be trustworthy.
 
"WPA3 protocol announced, WPA3 cracked before ratification... more news at 11."
 
Zarathustra[H] said:
So, will this require new hardware or will it be flash able with firmware?
Click to expand...

It's handled entirely in software, but device drivers may need updating in many cases. I'm sure vendors will be very helpful during the transition. /s
 
dgingeri said:
Yet it doesn't block out WPS, so it is still very vulnerable. It's meaningless.
Click to expand...
THIS.

Might as well make a really strong new protocol and then leave a gigantic security hole that my mother could exploit. Wireless hardware companies care zero about real security, only the cool stuff they can print on the boxes -- new and improved.
 
velusip said:
It's handled entirely in software, but device drivers may need updating in many cases. I'm sure vendors will be very helpful during the transition. /s
Click to expand...

Well, I'm assuming that most consumer routers will refuse to upgrade the firmware, offering the feature on a new device to try to sell more of them. There's always DD-WRT though.

Personally I'm wondering about my Unifi AP's. I'd imagine all devices still supported would get a new firmware pushed to them.
 
Burticus said:
Might drive me to buy a new router, mine is like 10 years old but still works great (dir-655)
Click to expand...

Thought that number sounded familiar. Reused a larger antenna from a previous router on one of the outputs. Works great even with the growing clutter of ISP hotspots. Sadly, not on the list of supported DD-WRT devices.
 
RealBeast said:
THIS.

Might as well make a really strong new protocol and then leave a gigantic security hole that my mother could exploit. Wireless hardware companies care zero about real security, only the cool stuff they can print on the boxes -- new and improved.
Click to expand...

It's like building a castle with 15ft walls, with only an open door frame for the front door.
 
Zarathustra[H] said:
Well, I'm assuming that most consumer routers will refuse to upgrade the firmware, offering the feature on a new device to try to sell more of them. There's always DD-WRT though.

Personally I'm wondering about my Unifi AP's. I'd imagine all devices still supported would get a new firmware pushed to them.
Click to expand...

Also hoping Ubiquiti updated all supported Unifi AP's to support this. They have been pretty good about firmware updates so far.
 
So another closed security protocol from the WiFi alliance with no outside security professionals looking at it. What could possibly go wrong!?
 
You must log in or register to reply here.
Back
Top