
MacRumors

macrumors bot
Original poster



The Wi-Fi Alliance has officially started certifying WPA3, the next-generation security standard for wireless networking devices (via Engadget). The new protocol addresses a number of potential vulnerabilities that exist in WPA2 for both personal and enterprise networking environments.


Amongst the enhancements, WPA3-Personal includes a more robust password-based authentication system that reduces the chances of a hacker guessing your password, individualized data encryption to protect against Wi-Fi eavesdropping, and the ability to protect data traffic even if a password is compromised after the data was transmitted.

On the enterprise side, WPA3 also offers an optional mode using 192-bit minimum-strength security protocols, as well as cryptographic tools to better protect sensitive data.

WPA3 also includes new quick-setup options for smart home devices through Easy Connect, a smartphone-based feature for users to set up wireless devices that lack displays.

Support for WPA3 must be built into devices for the protocol to be enabled, so it won't start coming into general use for a while yet. The good news is that WPA3 will retain interoperability with WPA2 devices, so there won't be a need to update every device on the same network.

The Wi-Fi Alliance expects WPA3 certification to increase over the next year, and as adoption grows, the protocol should eventually become a market requirement for all Wi-Fi certified devices.

Article Link: Wi-Fi Alliance Begins Certifying Next-Generation WPA3 Security Protocol
 
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.
 
Good news
And please school WiFi routers manufacturers about their default Admin / Admin :p
Actually, that's not the problem as I don't want to search for some random login if I want to reset and re-setup a wifi router.
What should be enforced is forcing users to change the default admin password once the router is configured. Companies can simply add this step to the setup process.
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.
How is this making phones obsolete? It is backward compatible, so one can slowly migrate their hardware to the new standard.

Today, there are plenty of people still using simple 802.11g routers, and plenty of devices only support 2.4GHz wifi. 802.11ac doesn't automatically make those obsolete. Neither will WPA3.
 
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.


Last time I read about WPA3 they said it would be a firmware update, this is just BS on their part, "they" want $$$$
 
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.

It's a protocol/encryption/hashing change, not a different band of the spectrum. Biggest hardware changes will be seen at the enterprise level. Personal hardware will see smaller changes until the new wireless standard comes out (see 802.11ax); coupled together they will be a great improvement to security, but they are two totally separate things.
 
The ‘WiFi Alliance’ is still a scummy organization. The specs they oversee need to be public/open source (e.g. TLS), so security researchers and academia can pound on their proposed standards. Instead, we’re left with a kludge-y standard where both the previous generations have been shown to have major security flaws. If WiFi was open like TLS is, the security of WPA3 would’ve been in place in WPA2...

But moving these standards into the open would mean the WiFi alliance would lose their cash cow: any WiFi device has to pay them to be tested, and you can’t even sell a product without paying them to use the phrase ‘Wifi’!
 
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.
 
WPA3 will be a software update BUT it requires the device to be certified. How many manufacturers will pay to certify old devices (including Apple which has discontinued all of their wifi devices)?
 
Next year I'm hoping to upgrade to a new mesh WiFi network using 802.11ax and WPA3. Unfortunately it will be the first time in a long, long time that I'm not using an Apple AirPort.
 
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.

That's what a VPN is for.
 
That's what a VPN is for.
In some sense. A VPN connects you to a remote network, and essentially makes you a local client on that network. If you don't own the network, you have no way of knowing what that network is doing with your personal data. I mean, I'd expect some of those free VPN providers to be doing something with your personal data, wouldn't you? The only safe VPN is one you set up yourself, running on your own private network.
 
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.

Not sure how you’d get around the digital ID and keys piece to make that happen. There’d have to be a way for devices to authenticate the sender ID. Maybe with quantum computing.
 
Last time I read about WPA3 they said it would be a firmware update, this is just BS on their part, "they" want $$$$
Router manufacturers can update their firmware to support WPA3. They just have to have the device certified before they can release the update. This MR article is poorly written as it implies it requires new hardware.
 
Router manufacturers can update their firmware to support WPA3. They just have to have the device certified before they can release the update. This MR article is poorly written as it implies it requires new hardware.

That makes more sense to me.

Requiring new hardware for a communication protocol is ridiculous and wasteful.

There’s no reason the new protocol should require different hardware technology. It’s not like we’re talking about a different airwave frequency or requiring an embedded security chip. It’s software.
 
In some sense. A VPN connects you to a remote network, and essentially makes you a local client on that network. If you don't own the network, you have no way of knowing what that network is doing with your personal data. I mean, I'd expect some of those free VPN providers to be doing something with your personal data, wouldn't you? The only safe VPN is one you set up yourself, running on your own private network.

Correct, so either set one up on your own or subscribe to one you trust. It does effectively secure your connection though because the encryption tunnel it creates blocks those on the public network from inspecting your packet transmissions.
 
Requiring new hardware for a communication protocol is ridiculous and wasteful.

There’s no reason the new protocol should require different hardware technology. It’s not like we’re talking about a different airwave frequency or requiring an embedded security chip. It’s software.

That will be a manufacturer's decision. They can add WPA3 to their existing routers. And they can, optionally, have that router certified so they can use the logo. But most manufacturers will do nothing in order to force their older hardware into obsolescence - which is ridiculous and wasteful, but profitable.

Considering the quick movement to WPA3 and 802.11AX, it definitely pays to not buy any WiFi hardware today unless the manufacturer promises a free update to these new standards.
 
Any guess or information as to when Apple will add Initiator (Configurator) capabilities to iOS for iPhones to enable its use for onboarding Wi-Fi Easy Connect devices? When scanning a DPP QR Code, I get the error "No usable data found" with the attached DPP QR-Code to instruct the Configurator with the following data:

Code:
DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;

which specifies "... a P-256 public key for a device that additionally indicates that it is operating on channel 1 and 36"

see section 5.3 of https://www.wi-fi.org/download.php?...ate/Wi-Fi_Easy_Connect_Specification_v2.0.pdf for further details
 

Attachments

  • DPP.png
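
An added example, not part of the original post or of the Easy Connect specification: a standard-library Python parser for the bootstrapping URI quoted above, useful for checking that a QR payload is well formed before suspecting the scanner. It assumes the layout visible in that URI (`DPP:` prefix, `;`-separated `tag:value` fields, `;;` terminator, `C` as operating-class/channel pairs, `K` as base64 DER) and accepts only a compressed P-256 key; the function and constant names are hypothetical.

```python
import base64

# DER prefix of a SubjectPublicKeyInfo carrying a compressed P-256 point:
# SEQUENCE { SEQUENCE { id-ecPublicKey, prime256v1 }, BIT STRING (34 bytes) }
P256_SPKI_PREFIX = bytes.fromhex("3039301306072a8648ce3d020106082a8648ce3d030107032200")
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B


def parse_dpp_uri(uri):
    """Split a DPP bootstrapping URI into fields and sanity-check the key."""
    if not uri.startswith("DPP:") or not uri.endswith(";;"):
        raise ValueError("must start with 'DPP:' and end with ';;'")
    fields = {}
    for item in uri[4:-2].split(";"):
        tag, sep, value = item.partition(":")
        if not sep or not value or tag in fields:
            raise ValueError(f"malformed or repeated field: {item!r}")
        fields[tag] = value
    if "K" not in fields:
        raise ValueError("public key field K is missing")

    # C: comma-separated <operating class>/<channel> pairs
    channels = []
    if "C" in fields:
        for pair in fields["C"].split(","):
            op_class, _, chan = pair.partition("/")
            channels.append((int(op_class), int(chan)))

    der = base64.b64decode(fields["K"], validate=True)
    if len(der) != 59 or not der.startswith(P256_SPKI_PREFIX):
        raise ValueError("K is not a compressed P-256 SubjectPublicKeyInfo")
    point = der[len(P256_SPKI_PREFIX):]
    if point[0] not in (2, 3):
        raise ValueError("expected compressed point prefix 0x02 or 0x03")
    x = int.from_bytes(point[1:], "big")
    # x is a valid coordinate only if x^3 - 3x + b is a square mod p
    rhs = (pow(x, 3, P) - 3 * x + B) % P
    on_curve = x < P and pow(rhs, (P - 1) // 2, P) in (0, 1)
    return {"channels": channels, "curve": "P-256", "x": point[1:].hex(),
            "y_parity": point[0] & 1, "on_curve": on_curve, "fields": fields}


# URI quoted in the post above
SAMPLE = "DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;"
```

`parse_dpp_uri(SAMPLE)` returns the two channel pairs plus the key's X coordinate and parity; a `ValueError` means the payload itself is malformed rather than the scanning device lacking Configurator support.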