Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
58,036
21,092



The Wi-Fi Alliance has officially started certifying WPA3, the next-generation security standard for wireless networking devices (via Engadget). The new protocol addresses a number of potential vulnerabilities that exist in WPA2 for both personal and enterprise networking environments.

Wi-Fi-certified-800x491.jpg

Amongst the enhancements, WPA3-Personal includes a more robust password-based authentication system that reduces the chances of a hacker guessing your password, individualized data encryption to protect against Wi-Fi eavesdropping, and the ability to protect data traffic even if a password is compromised after the data was transmitted.

On the enterprise side, WPA3 also offers an optional mode using 192-bit minimum-strength security protocols, as well as cryptographic tools to better protect sensitive data.

WPA3 also includes new quick-setup options for smart home devices through Easy Connect, a smartphone-based feature for users to set up wireless devices that lack displays.

Support for WPA3 must be built into devices for the protocol to be enabled, so it won't start coming into general use for a while yet. The good news is that WPA3 will retain interoperability with WPA2 devices, so there won't be a need to update every device on the same network.

The Wi-Fi Alliance expects WPA3 certification to increase over the next year, and as adoption grows, the protocol should eventually become a market requirement for all Wi-Fi certified devices.

Article Link: Wi-Fi Alliance Begins Certifying Next-Generation WPA3 Security Protocol
 

flyinmac

macrumors 68040
Sep 2, 2006
3,578
2,460
United States
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.
 

pika2000

Suspended
Jun 22, 2007
5,587
4,902
Good news
And please school WiFi routers manufacturers about their default Admin / Admin :p
Actually, that's not the problem as I don't want to search for some random login if I want to reset and re-setup a wifi router.
What should be enforced are forcing the users to change the default admin password once the router is configured. Companies can simply add this steps in the set up process.
[doublepost=1530014519][/doublepost]
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.
How is this making phones obsolete? It is backward compatible, so one can slowly migrate their hardware to the new standard.

Today, there are plenty of people still using simple 801.11g routers, and plenty of devices only support 2.4GHz wifi. 802.11ac doesn't automatically make those obsolete. Neither will WPA3.
 

justperry

macrumors G5
Aug 10, 2007
12,344
9,512
I'm a rolling stone.
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.


Last time I read about WPA3 they said it would be a firmware update, this is just BS on their part, "they" want $$$$
 

Sciomar

macrumors 6502
Nov 8, 2017
427
1,163
Requiring hardware support. Naturally that’ll mean new dongles for Computers that will probably be practically brand new at ratification.

And obsoleting phones that are only months old.

New routers.

Granted it says it’ll permit older devices to connect. But if you want to use the new security protocol, there’s going to be a huge burst of e-waste.

They should work on a firmware update option.

It's a protocol/encryption/hashing change, not a different band of the spectrum. Biggest hardware changes will be seen at the enterprise level. Personal hardware will see smaller changes until the new wireless standard comes out (see 802.11ax), coupled together will be great improvement to security but are two totally separate things.
 
  • Like
Reactions: HansHeino

dhess34

macrumors member
Feb 14, 2008
31
64
The ‘WiFi Alliance’ is still a scummy organization. The specs they oversee need to be public/open source (e.g. TLS), so security researchersand academia can pound on their proposed standards. Instead, we’re left with a kludge-y standard where both the previous generations have been shown to have major security flaws. If WiFi was open like TLS is, the security of WPA3 would’ve been in place in WPA2...

But moving these standards into the open would mean the WiFi alliance would lose their cash cow: any WiFi device has to pay them to be tested, and you can’t even sell a product without paying them to use the phrase ‘Wifi’!
 

zorinlynx

macrumors 604
May 31, 2007
7,451
14,546
Florida, USA
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.
 
  • Like
Reactions: wolfshades

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,050
WPA3 will be a software update BUT it requires the device to be certified. How many manufacturers will pay to certify old devices (including Apple which has discontinued all of their wifi devices).
 

macduke

macrumors G5
Jun 27, 2007
12,213
17,399
Central U.S.
Next year I'm hoping to upgrade to a new mesh WiFi network using 802.11ax and WPA3. Unfortunately it will be the first time in a long, long time that I'm not using an Apple AirPort.
 

ksnell

macrumors 6502a
Aug 26, 2012
698
1,208
Texas
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.

That's what a VPN is for.
 

Markoth

macrumors 6502
Oct 1, 2015
490
1,400
Behind You
That's what a VPN is for.
In some sense. A VPN connects you to a remote network, and essentially makes you a local client on that network. If you don't own the network, you have no way of knowing what that network is doing with your personal data. I mean, I'd expect some of those free VPN providers to be doing something with your personal data, wouldn't you? The only safe VPN is one you set up yourself, running on your own private network.
 

Sciomar

macrumors 6502
Nov 8, 2017
427
1,163
I wonder if they'll start allowing encryption without using a passphrase. This would be useful in cases where you want to have an open network (like at a coffee shop) but don't want people to have to use a password to log in. Not having to worry about people sniffing your unencrypted traffic at Starbucks would be nice.

Not sure how you’d get around the digital ID and keys piece to make that happen. There’d have to be a way for devices to authenticate the sender ID. Maybe with quantum computing.
 

bozzykid

macrumors 68020
Aug 11, 2009
2,272
285
Last time I read about WPA3 they said it would be a firmware update, this is just BS on their part, "they" want $$$$
Router manufacturers can update their firmware to support WPA3. They just have to have the device certified before they can release the update. This MR article is poorly written as it implies it requires new hardware.
 
  • Like
Reactions: justperry

flyinmac

macrumors 68040
Sep 2, 2006
3,578
2,460
United States
Router manufacturers can update their firmware to support WPA3. They just have to have the device certified before they can release the update. This MR article is poorly written as it implies it requires new hardware.

That makes more sense to me.

Requiring new hardware for a communication protocol is ridiculous and wasteful.

There’s no reason the new protocol should require different hardware technology. It’s not like we’re talking about a different airwave frequency or requiring an embedded security chip. It’s software.
 

ksnell

macrumors 6502a
Aug 26, 2012
698
1,208
Texas
In some sense. A VPN connects you to a remote network, and essentially makes you a local client on that network. If you don't own the network, you have no way of knowing what that network is doing with your personal data. I mean, I'd expect some of those free VPN providers to be doing something with your personal data, wouldn't you? The only safe VPN is one you set up yourself, running on your own private network.

Correct, so either set one up on your own or subscribe to one you trust. It does effectively have secure your connection though because the encryption tunnel it creates blocks those on the public network from inspecting your packet transmissions.
 

JitteryJimmy

macrumors member
Apr 12, 2008
51
29
Requiring new hardware for a communication protocol is ridiculous and wasteful.

There’s no reason the new protocol should require different hardware technology. It’s not like we’re talking about a different airwave frequency or requiring an embedded security chip. It’s software.

That will be a manufacturer's decision. They can add WPA3 to their existing routers. And they can, optionally, have that router certified so they can use the logo. But most manufacturers will do nothing in order to force their older hardware into obsolescence - which is ridiculous and wasteful, but profitable.

Considering the quick movement to WPA3 and 802.11AX, it definitely pays to not buy any WiFi hardware today unless the manufacturer promises a free update to these new standards.
 

dgtlrift

macrumors newbie
Jan 5, 2012
4
0
Any guess or information as to when Apple will add Initiator (Configurator) capabilities to iOS for iPhones to enable its use for onboarding Wi-Fi Easy Connect devices? When scanning a DPP QR Code, I get the error "No usable data found" with the attached DPP QR-Code to instruct the Configurator with the following data:

Code:
DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;

which specifies "... a P-256 public key for a device that additionally indicates that it is operating on channel 1 and 36"

see section 5.3 of https://www.wi-fi.org/download.php?...ate/Wi-Fi_Easy_Connect_Specification_v2.0.pdf for further details
 

Attachments

  • DPP.png
    DPP.png
    785 bytes · Views: 17
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.