How does WPA3 provide better security
WPA3 protects against WLAN intrusions and connects devices without a display
As expected, the industry organization Wi-Fi Alliance (WFA) has expanded its WLAN specifications for authentication and encryption to include the improved WPA3 method. The move is necessary because WPA2, introduced in 2004, has gradually become full of holes. The WFA unites many chip and device manufacturers and certifies WLAN devices, soon also with regard to the WPA3 function. Cross-manufacturer compatibility is to be expected for the introduction from 2019. In addition, the WFA guarantees "interoperability with WPA2 devices" so that WPA3 does not lock out older devices.
As with its predecessors, WPA and WPA2, there are two variants of WPA3. The main difference is that WLAN routers and base stations (access points) designed for private use (Personal) have only one common key for all users of their radio cells (pre-shared key, PSK). With the corporate variant, called WPA3-Enterprise, an administrator assigns each user their own key.
Against dictionary attacks on simple passwords
WPA3 brings various new functions to simplify handling and increase security. Among other things, the WFA cites "more robust authentication" and "improved cryptography". At the same time, WPA3 discards legacy baggage and explicitly excludes insecure protocols. In the certification tests, the WFA also checks whether the devices actually implement these guidelines.
This is important because WPA2 is vulnerable to an offline dictionary attack on weak passwords; the attack only requires recorded handshakes. This does not mean that WPA2 is completely unusable, but the WFA wants to deliver an improvement before an even bigger hole is discovered in WPA2. For key exchange based on a previously agreed password, WPA3-Personal therefore relies on the SAE (Simultaneous Authentication of Equals) method. The method is intended to make it extremely difficult to crack the password offline and also to prevent the subsequent decryption of user data (Perfect Forward Secrecy).
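The WPA2-Personal key hierarchy behind both weaknesses named above, as an added example that is not part of the original article: every input to the session key except the passphrase is visible in a recorded handshake, so the passphrase is the only secret, and learning it later unlocks old recordings. The SSID, MAC addresses and nonces are constructed sample values; SAE itself is not implemented here.

```python
import hashlib
import hmac

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
             anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key for CCMP: KCK (16) | KEK (16) | TK (16)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values. All of them travel in the clear during the
# 4-way handshake, so a passive recording contains them.
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
RECORDED_SESSIONS = [
    (bytes([0x11]) * 32, bytes([0x22]) * 32),   # (ANonce, SNonce), session 1
    (bytes([0x33]) * 32, bytes([0x44]) * 32),   # (ANonce, SNonce), session 2
]

def temporal_keys(passphrase: str) -> list:
    """Data-encryption keys (TK) of every recorded session, from the passphrase."""
    pmk = wpa2_pmk(passphrase, SSID)
    return [wpa2_ptk(pmk, AP_MAC, STA_MAC, a, s)[32:48]
            for a, s in RECORDED_SESSIONS]

if __name__ == "__main__":
    for i, tk in enumerate(temporal_keys("correct horse battery"), 1):
        print(f"session {i} TK: {tk.hex()}")
```

The keys differ per session, yet each is a pure function of the passphrase and recorded public values; that is the property SAE removes by deriving the master key from a fresh exchange per connection.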
Some observers doubt the usefulness of WPA3-Personal because many Internet applications use TLS and thus cannot be sniffed even in unencrypted hotspots. These include, for example, cloud synchronization, most messaging apps, many mail services and increasingly also web services. However, WPA3 not only shuts out unwanted eavesdroppers, but also prevents intrusion into private networks by means of dictionary attacks on weak passwords.
In addition, the WFA advertises WPA3-Enterprise and the new optional operating mode with a 192-bit cipher. This brings "additional security" for networks that transmit confidential data, and is particularly useful for government agencies and the banking industry. However, the extension is not welcomed everywhere, because it is not backwards compatible and would therefore require investment in new devices. For example, the WLAN service provider Eduroam expressly warns in a current advisory against setting up the 192-bit mode as part of the Eduroam service. Eduroam (education roaming) offers a worldwide WLAN roaming service for research and teaching. Participants can use WLANs from institutions and research facilities in 72 regions around the world with a single account. Eduroam authenticates the participants against the RADIUS server of their home WLAN.
Coupling devices without a display
The Easy Connect mode is also new and noteworthy. It is intended to simplify the WLAN coupling of devices that have no user interface or only a very simple one. The WFA is thus targeting the growing Internet of Things (IoT) market. With Easy Connect, users could in future add any device to their WLAN by using the user interface of another device, such as a smartphone. To do this, a smartphone scans the QR code of the target access point and the QR code of the IoT device using a specific app. Based on the data recorded via the QR codes, the IoT device is then provisioned for coupling with the access point. It then automatically logs into the new WLAN.
Details on the WPA3 procedure can be found in the c't article
(dz)