Slashdot Mirror


Wi-Fi Alliance Launches WPA3 Security Standard (securityweek.com)

wiredmikey writes: The Wi-Fi Alliance, the organization responsible for maintaining Wi-Fi technology, announced the launch of the WPA3 security standard. The latest version of the Wi-Fi Protected Access (WPA) protocol brings significant improvements in terms of authentication and data protection.

WPA3 has two modes of operation: Personal and Enterprise. WPA3-Personal's key features include enhanced protection against offline dictionary attacks and password guessing attempts. WPA3-Enterprise provides 192-bit encryption for extra security, improved network resiliency, and greater consistency when it comes to the deployment of cryptographic tools.

5 of 97 comments

  1. Some info by Artem S. Tashkinov · · Score: 5, Informative

    Too bad, my submission has been rejected even though it had a lot more information which I'll post anyways:

    New security features include:

    • WPA3 uses the Simultaneous Authentication of Equals (SAE) algorithm, which replaces Pre-shared Key (PSK) in WPA2-Personal, while WPA3-Enterprise uses a more complex set of features that replace IEEE 802.1X from WPA2-Enterprise. These are: authenticated encryption, key derivation and confirmation, key establishment and authentication, robust management frame protection.
    • WPA3 is resistant to dictionary attacks. The Wi-Fi Alliance says that WPA3's SAE is resistant to offline dictionary attacks where an attacker tries to guess a Wi-Fi network's password by trying various passwords in quick succession.
    • Wi-Fi Easy Connect for WPA2 and WPA3: This feature is aimed at smart (Internet of Things) devices that don't have a screen where a user can configure its Wi-Fi network settings. For example, a user will be able to use his phone or tablet to configure the WiFi WPA3 options of another device that doesn't have a screen, such as tiny IoT equipment like smart locks, smart light bulbs, and others.
    • Wi-Fi Enhanced Open: a proprietary technology, which uses an algorithm known as Opportunistic Wireless Encryption (OWE) to encrypt each connection between a WiFi user and the router/access point with its own custom encryption key. This per-user encryption prevents local attackers from snooping on other users' traffic, even if the network doesn't require a password to join.

    Source

  2. She has huuuuge tracts of land... by the_skywise · · Score: 4, Funny

    WEP sank into the swamp
    So we built WPA on top of it and it sank into the swamp
    Then we built WPA2 on top of it and it caught fire and sank into the swamp
    But WPA3.. WPA3 will stand the test of time!

  3. Opportunistic Wireless Encryption by crow · · Score: 4, Insightful

    Most of this is incremental security improvements, as for most users, WPA2 is still sufficiently secure. However, the big deal here is the opportunistic encryption that will encrypt connections that don't require authentication. That's a big deal.

    I like to leave my WiFi open for guests, but I have to set up a separate network in order to keep my regular use encrypted. Once everything supports opportunistic encryption, I can just have one network. That's not particularly important.

    Where this matters is public WiFi. Many stores have free WiFi with no password. Often they have a login after you connect (annoying, but a separate issue), but there is no encryption on the link. Anyone who knows what they're doing can see every packet you send. When this technology becomes widespread, it will become a bit harder for eavesdroppers.

    Of course, using public WiFi, you should be using end-to-end encryption on anything important. This is pretty much standard these days for most things, but too often something slips through.

  4. Most important feature by Anonymous Coward · · Score: 5, Interesting

    Knowledge of the pre-shared key in personal mode no longer gives an attacker the opportunity to decrypt everything on the network. In WPA and WPA2, an attacker who knows the PSK (for example that of a public hotspot) can passively record the handshake frames and recover the keys used by other clients. WPA3 prevents this, so even when you use a public hotspot, the connections between your computer and the access point are secure against passive attacks. (An attacker can still perform a MITM attack because there is no way to authenticate a public hotspot with a non-secret PSK.)

  5. Re:Why are there two? by SuiteSisterMary · · Score: 3, Informative

    The very reductive, overly-simplified short form is 'personal asks you for THE wi-fi password. Enterprise asks you for YOUR wi-fi password.'

    --
    Vintage computer games and RPG books available. Email me if you're interested.