With WPA3, Wi-Fi Security is About To Get a Lot Tougher

One of the biggest potential security vulnerabilities -- public Wi-Fi -- may soon get its fix. From a report: The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated. Further reading: WPA3 WiFi Standard Announced After Researchers KRACKed WPA2 Three Months Ago

Freudian slip, anyone?

[davecb]

I'd hope security would get better, but maybe it does just get tougher (;-))

--dave
[English, ambiguity is your middle name]

Re:

[Anonymous Coward]

Ha, I fooled you! My password is "abc12321cba" so there!

Re:

[KozmoStevnNaut]

For wifi, you can generate a QR code that will let devices easily connect. This lets you use a long randomly-generated passphrase, without the hassle of having to type it in manually.

It's extremely convenient if you have guests over.

Re:

[KozmoStevnNaut]

Any newer Android phone will recognize QR codes in the camera app, but you don't take a picture. You let the app recognize the QR, which usually takes a second or two. If not, get the QR Droid app.

QR codes are everywhere, it's extremely unlikely that this is the first time they've had to use one.

Re:

[Anonymous Coward]

"The standard will replace WPA2, a near-two decades-old security protocol"

More ZDNet hyperbole. WPA2 was ratified 24 June 2004, which is roughly 13.5 years ago - nowhere close to two decades.

Re:

[arglebargle_xiv]

And it's going to use:

a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems

which decrypts to:

a security suite created by a front for the NSA

I think I'll stay with KRACK-patched WPA2, thanks.

Re:

[jrumney]

Given that it relies on a new "CNSA" encryption algorithm (C for Circumventable), I think WPA2 is going to be with us for a while longer.

Better, but not best.

[MachineShedFred]

Yes, this will prevent open-air sniffing of your packets.

VPN or HTTPS is still better, because after those packets arrive at the access point, they are unencrypted over whatever wire the AP is plugged into. WPA only covers the wireless link; HTTPS or VPN (or both!) encrypt much farther through the network, if not the whole way.

The first thing I do on an open WiFi network is connect to a VPN.

Re:Better, but not best.

[Hal_Porter]

It doesn't hurt to have multiple redundant levels of security. I.e. HTTPS over VPN over WPA3.

Re:Better, but not best.

[ledow]

Indeed. I used to VPN over my internal Wifi that only I knew the password for.

WEP was cracked? Didn't matter.
VPN software was cracked? Didn't matter.
WPA was cracked? Didn't matter.

So long as they aren't ALL cracked at the same time, you're safe. And there was no measurable latency or other additions, but full end-to-end verification and encryption, TWICE. I used to game CS over it.

Give yourself enough layers and you don't have a window where you're vulnerable to compromise, whereas everyone just reliant on "WPA2 being secure" does. This gives you time to update, replace hardware, change settings, test if you're vulnerable, etc.

Re:Better, but not best.

[sexconker]

A cert is just a password in a file. If you're using an external cert authority you have additional weaknesses with them and anyone up the chain (and governments).

A strong password is the best security option there is.

The only security benefit certs provide is revocation, but that can just as easily be implemented with passwords if you want. Just publish a list of hashes that are invalid. It can be a unique hash if you also publish a new salt alongside it, but it doesn't matter. (The username, hash, and salt are considered to be non-secret. If your encryption is strong and no one is using retarded passwords, it doesn't matter if those things are public.)

Expiration already is handled with passwords.

Re:

[fisted]

A cert is just a password in a file.

That's bullshit. If a cert is "just a password in a file", how come I can (and have to) send you that file in order to authenticate against you? If I send you my password, I'm fucked; if I send you my cert, I'm not.

But since your understanding of X.509 is obviously crappy, I'm not convinced you're convinced yet, so let me put this in simpler terms: If a cert is a password in a file, and a cert is a data structure built around a public key, then what is the public key? Also a password in a file?

The close

Re:

[fisted]

But of course.

pats head

Re:

[fisted]

That you think two different strings of texts are different

That you think two different strings are not different is, frankly, retarded.

and one has magical powers is cute.

I'm not saying one has magical powers, I'm just pointing out that there's a substantial difference between password-based authentication and X.509-based authentication. Anyway, I'm not going to explain it again since it's obviously over your head.

Re:

[Zaelath]

And this is why people who understand PKI make the big bucks...

Kerberos 1980s, CHAP (1996) or digest 1997 passwor

[raymorris]

> a "password in a file" would be the private key, but even that isn't really a good comparison, because you never transmit your private key

Since at least the 1980s (Kerberos) and dial-up modems used CHAP in 1996, you can authenticate via a password without transmitting the password.

There are even better algorithms that use passwords, without transmitting or storing them on the server. For example, the server can store a salted bcrypt of the password. Upon login, the server generates a random number (t

Re:

[fisted]

Since at least the 1980s (Kerberos) and dial-up modems used CHAP in 1996, you can authenticate via a password without transmitting the password.

Yes, true. (Although it's 2018 and I have yet to see an ISP that wouldn't use PAP)

There are even better algorithms that use passwords, without transmitting or storing them on the server. For example, the server can store a salted bcrypt of the password. Upon login, the server generates a random number (the challenge) and sends that to the client, along with the salt the server has chosen for this user. The client then computes and sends:

H(H(Hs(password, salt)), challenge) xor Hs(password, salt)

The server can verify that without having the password transmitted, or stored on the server.

Interesting, although the last authentication protocol I've heard to have that property (MS-CHAP, not that I knew many authentication protocols) was broken.

You would be correct to say that *sending plaintext passwords over the network (1970s style)* is much less secure than public keys.

Yes, however it's not like "sending plaintext passwords over the network" wasn't a common thing in 2018.

You can certainly use passwords without sending them over the network, though - that issue has been solved for decades.

Yes. You've just explained one and referred to another. You got your point across, no need to be redundant.

> Plus, even shitty private keys (1024 bits) are way stronger, entropy-wise, than a password so there's that, too.

Much like a LONG password (pass sentence).

Well, who uses a LONG pass sentence? It has to be pretty long

Re:

[MikeBabcock]

I'm always surprised Kerberos didn't get used for WPA.
Radius servers with WPA2-Enterprise is interestingly far more secure than the WPA2 most people use at home.

Re:

[sexconker]

A cert represents a secret.
A password is a secret.

When someone downloads your cert they can verify that it was signed with a secret key.
When you use a password in most systems, they're doing the same check in a slightly different way. They take the password you sent and verify that it's the correct secret by pushing it through a hashing algorithm and verifying the result matches the established, good value.

With a third party certificate authority, that initial establishment of the good value is skipped beca

Re:

[fisted]

A cert represents a secret.
A password is a secret.

There you have the fundamental difference #1. Although I wouldn't exactly say the cert represents the secret. It's a data structure around a non-secret that was signed by a secret.

They take the password you sent and verify that it's the correct secret by pushing it through a hashing algorithm and verifying the result matches the established, good value.

Yes. Do you not see how in this case you're transmitting the secret while in a certificate case you're not transmitting the secret?

(Hint: They never, ever do. Even EV certs are a joke.)

That's just not true.

Just because the terms "password" and "cert" are used doesn't mean they're fundamentally different. They're both built upon a single core concept, a secret.

Just because two things are built upon a similar concept doesn't mean they're the same. A lot of things are built upon the concept of a secret and have nothing to do whatsoever

Re:

[sexconker]

Nope, I actually understand it quite well. Certs represent nothing more than a secret. A "valid" cert is simply one that is signed with a secret.

You don't have to transmit that secret to verify it, but you don't have to do that for passwords, either. raymorris covered it quite well.

Re:

[MikeBabcock]

A cert is nothing like a password in a file. You should learn what RSA is.

Re:

[sexconker]

A cert is nothing like a password in a file. You should learn what RSA is.

I know about RSA.

A properly signed cert represents a secret, the private key. Nothing more. You don't know how that private key was obtained. Was it trivial to crack / reused from a decade old cert? Was it leaked/stolen? When you have a CA in the mix you add all the possibilities for the CA to be fucking useless, be subverted by the government, etc.

A password is a secret. A private key is a secret. There's no fundamental difference between the two. Just as there's no fundamental difference between a p

Re:Better, but not best.

[Anubis IV]

While all of that is good, nothing beats a wired Ethernet connection. That's why I always connect via Ethernet to wireless routers I bring with me that I've configured to act as bridges for the public WiFi hotspots I visit. I get the low latency and security of a wired connection while also gaining the benefits of wireless. It's the best of both worlds.

Note that I said "routers", plural. For maximum convenience, I've purchased separate wireless routers for each public hotspot I visit, that way I don't have to waste any time reconfiguring them each time I visit a different hotspot. I just pull out the appropriate one, plug it into my UPS, and away I go with simple but secure Internet surfing. And adding VPN to the mix is as easy as using Ethernet to connect a VPN-serving router to the bridge-mode router, then using a cellular hotspot to connect to the VPN. You still get all the benefits of both a wired connection and VPN while being able to enjoy Internet access anywhere you can find a public hotspot. As a nice bonus, you only ever need one VPN-serving router and one cellular hotspot in total, rather than one device per hotspot as was the case with my bridge-mode routers, so it saves on costs.

Some might try to suggest that even with those savings it still costs more than it's worth, but I don't think you can put a price on the level of convenience, security, and speed that I enjoy thanks to this setup.

Re:

[Anubis IV]

Sorry, I couldn’t hear you over the sound of my UPS beeping at me as I enjoy my convenient, wired connection at a local wireless hotspot. Were you saying something that clearly missed the point of what I was saying? Because I think you were.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[VeryFluffyBunny]

Yes, this will prevent open-air sniffing of your packets.

Hey babe, you can sniff my packets anytime ;)

But seriously, yes, going on public WiFi without a VPN is like having casual sex without condoms: Sooner or later, you're gonna get infected with something nasty.

Re:

[Strider-]

But seriously, yes, going on public WiFi without a VPN is like having casual sex without condoms: Sooner or later, you're gonna get infected with something nasty.

People keep saying this, but it's simply not true. Anything of any import, even damned cat videos, are secured by https these days. If someone sniffs your packets, all they see is cyphertext, basically indistinguishable from line noise. If they try to inject something your browser should be throwing up a big SSL violation warning. Besides, even if the wifi is secure, is the AP? The router? the next hop after that? Once it gets off the air, it's in the clear anyway.

Server Name Indication

[tepples]

Anything of any import, even damned cat videos, are secured by https these days. If someone sniffs your packets, all they see is cyphertext

The ClientHello message that opens a TLS session contains the destination hostname in cleartext, so that the server can tell which name-based virtual host's certificate to present.

Re:

[tepples]

I take SNI as a given because since April 2014, every web browser that receives security updates uses SNI. The last widely used web browsers that didn't were Android Browser on Android 2.x and Internet Explorer on Windows XP.

Re: Better, but not best.

[Brockmire]

What? Fuck no. For starters, DNS requests.

Re:

[Njovich]

A properly setup VPN is better, yes. However, in the real world many people either can't or won't use a VPN. For those cases this would be a massive security improvement.

Re:

[Strider-]

The first thing I do on an open WiFi network is connect to a VPN.

For better or worse, you do that on my network, you're going to to get QoS'd to hell. Not because I'm against VPNs, but just due to the nature of the QoS I'm running. At my choke point, I'm running weighted fair queuing. There are something like 2000 queues, and packets get dumped in a queue based on a hash of the source/destination ip and port number combos. Since all your traffic is goign through the VPN, it's all going through a single connection, and thus winds up in a single queue, while my https reque

Re:

[FuzzyDaddy2]

If you're running a VPN over a satellite link, you've broken your TCP acceleration and are going to get very slow TCP connections in any event.

Re:

[Strider-]

3.3 shared by 50+ people. ;)

That said, it's in the ass end of nowhere east of Seattle, in some of the most rugged terrain you've ever seen. Bringing in fixed wireless would require probably close to a million bucks just to construct (plus an act of congress, no joke), and fiber would be akin to laying an oceanic cable, through a lake. So satellite it is.

Re:

[tepples]

Microwaves are fixed wireless. Thus it "would require probably close to a million bucks just to construct (plus an act of congress, no joke)".

Eh?

[ledow]

"One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated"

Sure. But your computer will still not know that the CoffeeShop SSID that they're connecting to was the one the shop set up, though, will they? There's no exclusivity for SSIDs and if there was, it'd be a denial-of-service opportunity.

Once connected, and a secret shared, yes. But with no password the initial connection is still giving people a chance to shove you on THEIR connection rather than the one you think, and then you can be WPA3-authenticated to them rather than what you thought without having a clue.

Re:

[ArtemaOne]

That's an interesting thought. You can fit a mobile wi-fi hotspot into a pocket. Give it the same name as the shop and you'll get half the people logging into yours for sure.

Re:

[Anonymous Coward]

Google "Wifi Pineapple." These things have been around for a decade or so.

Re:Eh?

[VeryFluffyBunny]

But your computer will still not know that the CoffeeShop SSID that they're connecting to was the one the shop set up, though, will they?

Yes, this. Public Wifi needs something like unique domain names with signed certificates from an independent authority so that people know what they're connecting to and can be warned if it's insecure and therefore unsafe.

Re:

[Anonymous Coward]

> Public Wifi needs something like unique domain names with signed certificates from an independent authority...

a) You already get this with EAP-TLS. All WPA2 needed (modulo KRACK) was for supplicants to make it easy to not give a fuck about validating the presented TLS cert

b) If you protect the link between the wireless client and the AP, you're at parity with wired Ethernet for security. For the most part people really don't need better than that. (Never forget the thousands of miles of "wiring" betwe

Re:

[grasshoppa]

Or, you know....you could just connect to a vpn when on a public hotspot.

They said "Tougher", not better.

[aberglas]

The article said Tougher, not Better.

PKI infrastructure required for every home wifi or Windows 15 will not connect. That's pretty tough.

That said, are people sure than "unsecured" WiFi is not encrypted today? Would fail against man-in-the-middle but not against evesdropping.

What happens when the password is written on the wall of the coffee shop? Can anyone with that password break encryption for others? Can anyone with that password be a man-in-the-middle?

Re:

[spire3661]

Thats why you use VPN when connecting to a strange AP.

Re:

[Njovich]

Very little is known about WPA3, so it's hard to say if it will do anything about SSID spoofing.

Re:

[Kjella]

Allowing a random coffee shop to be your ISP is never going to be high security. But I think "Hey wait, why are there two CoffeeShop SSIDs?" is probably going to be an improvement. That could actually be a router feature, like if it detects another access point trying to send with the same SSID it'd send the manager some kind of alert. I think you'd pretty soon discover who's doing it...

Re:

[beanpoppa]

It's called Rogue AP detection, and most (if not all) enterprise wireless systems already do this. But, it requires set up, monitoring, and then an action plan in place for what to do when an rogue AP is detected. Resources and skills typically missing from your CoffeeShop staff.

Re: Eh?

[jabuzz]

What I want is active rogue AP defense. That is rather than just alerting one to the fact the rogue AP exists, is that it starts sending deauthentication frames to anything associated with an AP pretending to be one of mine. That way the f@#kers are stopped dead in their tracks.

Needs certification too

[Anonymous Coward]

There needs to also be some kind of certificate system added for open networks. Starbucks ought to be able to register their network with a CA, so that itâ(TM)s possible to verify that that open network with the SSID âoeStarbucksâ is not a phishing network.

Re:

[ledow]

Don't give them ideas.

Because then some naming authority will get involved and you'll have the domain-name debacle all over again about "who owns the name Starbucks for Wifi worldwide".

Re:

[sexconker]

We'll build our own internet. With blackjack, and hookers.

Re:

[Anonymous Coward]

Don't give them ideas.

Because then some naming authority will get involved and you'll have the domain-name debacle all over again about "who owns the name Starbucks for Wifi worldwide".

Uh... what makes you think it wouldn't be the exact same PKI that we already use for HTTPS, except the certs would be issued separately for HTTPS and WIFI. Want a public wifi cert? Then you'd self-sign or use Let's Encrypt, and you'd put a QR code of the cert on your menu.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[CastrTroy]

All they really need is a public key posted on the wall (in the form of a 2D barcode) to provide a key to authorize that you are actually connecting to the correct access point. Or they could have an LCD screen that changes the key every 24 hours to allow for rotating keys to keep them more secure and stop people from just switching out the piece of paper.

Re:

[beelsebob]

It also doesn't work well in terms of interaction models. No one in practice is going to go and scan the barcode on the wall to verify that their connection is secure. It's just not convenient enough.

Re:

[fisted]

...which could get tricky when it comes to checking whether the presented certificate has been revoked or not, because you're going to have to assume the certificate hasn't, in order to get the Internet access you need to actually check; and you're going to have to do that through my rogue AP.

It would seem safe at the first glance because both CRLs and OCSP responses are (mostly) signed by the issuing CA, but I could at least deny you access to either, so you can never know for sure.

OSCP-stapling the AP cer

Re:

[Areyoukiddingme]

There needs to also be some kind of certificate system added for open networks. Starbucks ought to be able to register their network with a CA, so that itâ(TM)s possible to verify that that open network with the SSID âoeStarbucksâ is not a phishing network.

Who cares if it's a "phishing network" as long as it reaches the public Internet? They can watch my SSH and TLS streams all they like (just like the NSA does). I don't care. I don't give a damn what open network I connect to, in Starbucks or anywhere else. The wireless part of the link is just one of many many parts of the link, all of which are vulnerable to eavesdropping. The TLS Everywhere initiative exists for a reason.

Legal implications

[Ed Avis]

I believe that in some countries like Germany it is illegal to run an open wireless network. (Crazy but true!) Would this proposed new standard address that, since the network would now be encrypted and no longer 'open'? Or does the law define an open network as one where users don't have to register for a username first? In that case, open Wifi would sadly remain illegal in Germany.

Re:

[DrStrangluv]

I don't believe it would. The network would still be "Open" in the sense that anyone can connect and use it without authorization.

Re:

[KozmoStevnNaut]

That does not hold up in court, an IP address does not uniquely identify a person.

Re:

[ArtemaOne]

Authoritarians got to authoritarianate

Re:

[fisted]

I believe that [...] (Crazy but true!)

Yeah, it is actually crazy (and apparently sadly true) that you believe this kind of bullshit.

Oh wait, you were saying the thing you believe is actually true, not the fact that you believe it? Then why start with "I believe" and not "it is a fact"? Oh yeah, because it's just a belief after all--so don't fucking call it true. Because it's not.

Love,
a triggered German

Re:

[Ed Avis]

This article summarizes the situation: http://www.spiegel.de/internat... [spiegel.de] So it's not a crime to operate an open Wifi network, but the network operator becomes liable for anything a user does. (Whereas the postal service, for example, is not liable for slanderous letters that may be posted.)

Re:

[fisted]

Yes, open wifi operators used to [bundestag.de] be potentially liable.

Re:

[Ed Avis]

That's great news, thanks for the update. I found when in Germany recently that wireless network operators still seemed to want you to register and provide a password, but that may be a holdover from the old situation, or just the German love of registering things.

Re:

[KozmoStevnNaut]

My impression is that Germans in general are extremely wary of registration and very privacy-conscious, especially those with family in the former DDR.

It's a stark contrast to Denmark, where we have a shared 2-factor login system for all public services, and to uniquely identify yourself for online banking and other secured services, as well as a unique social security number (CPR -- Central Person Register). All correspondence with public services (and a number of private services, too) goes to an encrypte

Re:

[Ed Avis]

I still remember being asked for my passport to go ice skating.

Re:

[Anonymous Coward]

Here in the US, your IP address is considered positive identification and proof beyond a reasonable doubt of activity, so if someone's open Wi-Fi is used for illegal business, the owner faces criminal and civil charges for it. This was a very common occurrence when the *AAs were doing their crackdowns on piracy around ten years ago.

Re:

[CaptainDork]

Coffee shops should drop TCP/IP and use their own, branded, in-house up-sell sugar packets.

Re:

[AvitarX]

I think that's literally what they are addressing in the summary.

WPA3 will allow password less connections to be encrypted.

I assume it will give you a key, and then as soon as you connect your computer can verify with a cert authority to verify that it's a good key (similar to https).

If it is unsigned you'll get a warning (similar to https)

And then once you connect the key can be saved and you'll be immune from future hijacking (similar to ssh).

This is a big obvious feature I could never figure out why it w

Finally!

[sims 2]

We should be on WPA4 or 5 by now or moved on to another 3 letter security like WTF.

I wonder what caused the 13 year wait?

Re:

[freeze128]

WPA2 was good enough. For most things, it still is.

Re:

[AvitarX]

Isn't their a replay attack disclosed now, I would hope WPA3 has something to mitigate that.

My understanding is that only non standard behavior on clients can protect against the replay attack.

https://techcrunch.com/2017/10... [techcrunch.com]

Re:

[KozmoStevnNaut]

Yeah, the KRACK Attack (love that name).

Most major vendors have patched their software and devices by now, but that still leaves a bunch of legacy devices in harm's way.

As always, don't trust wireless with sensitive data, use additional encryption everywhere you can, and you really should use a VPN when using wifi.

Re:

[Anonymous Coward]

I worked for a place that used WTF as the acronym for "waterfall." We had an acronym database somewhere, the entry in it was:

WTF: Waterfall. WTF did you think it stood for?

WiMax

[Anonymous Coward]

I'd love to see something like WiMax come back with open support so anyone can run something with longer range. It sucks that wifi has such a short range, but LTE can go so far, costing you a fortune per gig. It would be nice to have something that anyone can setup that covers longer distance, even if it's at a reduced speed.

Re: WiMax

[Voyager529]

Wi-Fi's shorter range isn't necessarily a bug; it's usually a feature. Go to a high rise apartment building and *try* to use 2.4ghz Wi-Fi. Good luck with that. There's literally a hundred routers in range, all trying to talk over each other. 5ghz is at least somewhat better, half because of the higher channel quantity, but half because of the shorter range and reduced wall penetration.
If wimax took off at a consumer level, it would be great for rural areas, but suburban and urban areas would find it useless

Re: WiMax

[Brockmire]

Distance is a function of power and frequency. Wimax would NOT be easier to deal with for just a few clients, you need many to get the benefits. Also, it's not designed for co-location/interference with other equipment you don't have timing control over. 802.11 outdoor gear has had long distance timing for 40km+ for a decade and a half. If you want to be super cheap about it, check ubnt gear.

Cool, but

[Anonymous Coward]

Backport for the WRT54GL when?