Slashdot Mirror

← Back to Stories (view on slashdot.org)

With WPA3, Wi-Fi Security is About To Get a Lot Tougher (zdnet.com)

Posted by msmash on from the next-up dept.

One of the biggest potential security vulnerabilities -- public Wi-Fi -- may soon get its fix. From a report: The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated. Further reading: WPA3 WiFi Standard Announced After Researchers KRACKed WPA2 Three Months Ago

5 of 121 comments (clear)

  1. Freudian slip, anyone? by davecb · · Score: 5, Insightful
    I'd hope security would get better, but maybe it does just get tougher (;-))

    --dave
    [English, ambiguity is your middle name]

    --
    davecb@spamcop.net
  2. Better, but not best. by MachineShedFred · · Score: 5, Insightful

    Yes, this will prevent open-air sniffing of your packets.

    VPN or HTTPS is still better, because after those packets arrive at the access point, they are unencrypted over whatever wire the AP is plugged into. WPA only covers the wireless link; HTTPS or VPN (or both!) encrypt much farther through the network, if not the whole way.

    The first thing I do on an open WiFi network is connect to a VPN.

    --
    Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    1. Re:Better, but not best. by Hal_Porter · · Score: 4, Insightful

      It doesn't hurt to have multiple redundant levels of security. I.e. HTTPS over VPN over WPA3.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    2. Re:Better, but not best. by sexconker · · Score: 3, Insightful

      A cert is just a password in a file. If you're using an external cert authority you have additional weaknesses with them and anyone up the chain (and governments).

      A strong password is the best security option there is.

      The only security benefit certs provide is revocation, but that can just as easily be implemented with passwords if you want. Just publish a list of hashes that are invalid. It can be a unique hash if you also publish a new salt alongside it, but it doesn't matter. (The username, hash, and salt are considered to be non-secret. If your encryption is strong and no one is using retarded passwords, it doesn't matter if those things are public.)

      Expiration already is handled with passwords.

  3. Needs certification too by Anonymous Coward · · Score: 3, Insightful

    There needs to also be some kind of certificate system added for open networks. Starbucks ought to be able to register their network with a CA, so that itâ(TM)s possible to verify that that open network with the SSID âoeStarbucksâ is not a phishing network.