Jump to content
David H. Lipman

Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords

Recommended Posts

Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords

"The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices.

While a big improvement over the earlier and notoriously weak Wired Equivalent Privacy and the WPA protocols, the current WPA2 version (in use since the mid 2000s) has suffered a crippling design flaw that has been known for more than a decade: the four-way handshake—a cryptographic process WPA2 uses to validate computers, phones, and tablets to an access point and vice versa—contains a hash of the network password. Anyone within range of a device connecting to the network can record this handshake. Short passwords or those that aren’t random are then trivial to crack in a matter of seconds.

One of WPA3’s most promoted changes was its use of “Dragonfly,” a completely overhauled handshake that its architects once said was resistant to the types of password guessing attacks that threatened WPA2 users. Known in Wi-Fi parlance as the Simultaneous Authentication of Equals handshake, or just SAE for short, Dragonfly augments the four-way handshake with a Pairwise Master Key that has much more entropy than network passwords. SAE also provides a feature known as forward secrecy that protects past sessions against future password compromises."

Designated:
CVE-2019-13377 and CVE-2019-13456

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.