July 12, 2018

Third Time’s the Charm – WST

WPA is long overdue for an update. The protocol’s last major overhaul was introduced 13 years ago, and modern technology has since caught up with its encryption methods, so a WPA2 network protected by a simple to mildly complex password is now easily defeated.

However, this is set to change as we push into the second half of 2018: the Wi-Fi Alliance has announced and certified WPA3. This new version of Wi-Fi Protected Access aims to resolve many of the security and privacy risks associated with Wi-Fi today.

The high points are as follows:

  1. Encryption has been upgraded to Commercial National Security Algorithm (CNSA) 192-bit, which will meet the increasing security demands for secure networks. In addition, the protocol claims to offer a feature that will help to harden short passwords. Whether this is just a standard salt applied to the hash remains to be seen.
  2. The Dragonfly Protocol will in theory (WPA3 has not been largely released in the wild yet) protect the handshake between the Wireless Access Point and users. This is often the point of origin for many wireless-based attacks, as a security flaw in the handshake process for WPA2 easily reveals the password hash.
  3. Encryption by default for transmitted data! This one is easy to be excited about, as it means that using wireless at your favorite coffee shop or the airport should become a more private experience. Currently anyone on the same WPA2 or lesser network as you will be able to sniff (view) your traffic. This is the reason why third-party apps that encrypt your public wireless usage are often recommended.
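To put items 1 and 2 in context, the sketch below is an added example (not 10-D Security's code) of how WPA2-Personal turns a passphrase into its master key: PBKDF2-HMAC-SHA1 with the SSID as the salt and 4096 iterations. It also estimates how long an offline search of a given passphrase shape would take. The guess rate is an assumed figure for illustration only, and the helper names are hypothetical.

```python
import hashlib

# Assumption for illustration only: offline guesses per second an attacker
# could test against a captured handshake. Real rates vary with hardware.
ASSUMED_GUESSES_PER_SECOND = 1_000_000

SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-Personal pairwise master key.

    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(alphabet_size: int, length: int,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every passphrase of the given shape offline."""
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The SSID acts as the salt: the same passphrase yields a different key
    # on a differently named network. SSIDs below are constructed samples.
    for ssid in ("IEEE", "CoffeeShop"):
        print(f"{ssid:12} {wpa2_pmk('password', ssid).hex()}")

    # Passphrase shapes a defender might compare when setting policy.
    shapes = [
        ("8 digits", 10, 8),
        ("8 lowercase letters", 26, 8),
        ("12 mixed-case letters and digits", 62, 12),
    ]
    for label, alphabet, length in shapes:
        print(f"{label:34} {years_to_exhaust(alphabet, length):.3g} years")
```

The key derivation depends only on the passphrase and the SSID, so passphrase length and alphabet are the only things a WPA2-Personal deployment can change to raise the cost of offline guessing.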

The Wi-Fi Alliance officially announced WPA3 as the replacement for WPA2 in January of this year. As such, devices should start to roll out this year, so keep an eye out for WPA3 developments.

10-D Security does want to suggest using some caution at first. While the new features sound very exciting and long overdue, it is often best to wait for the security community to vet any new service to reduce the risk of it having critical flaws that could compromise your network. Currently our recommendation for securing wireless networks remains WPA2 Enterprise.
