Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

WPA3 – Improved Security for Wi-Fi

July 2, 2018

Well, it's finally here. In the Fall of 2017, a vulnerability in WPA2 wireless encryption was discovered. Known as the Krack Attack, the flaw impacts every implementation of WPA2. The manufacturers needed to provide a patch update to fix the flaw. The Wi-Fi Alliance has now announced the availability of WPA3, vastly improving security over WPA2. Just like WPA2, WPA3 will be available in personal and enterprise versions. Some of the new features of WPA3 include:

  • Information on public networks will always be encrypted
  • Encryption per session
  • Protection against brute force attacks at the authentication level (limited attempts for successful authentication)
  • Support for using a smartphone or tablet to set up security on IoT devices
  • 192-bit security suite to protect networks with higher security requirements (e.g. governments, hospitals, etc.)

WPA3 replaces the Pre-Shared Key with the "Dragonfly" Simultaneous Authentication of Equals (SAE) algorithm. SAE blocks offline password attempts after a single incorrect attempt, therefore, attacks must be made on a live connection, one try at a time. Even though WPA3 will make connecting to public networks a lot more secure, it does not protect against rogue access points, which means the WiFi Pineapple will still be an effective penetration testing tool.

Certified WPA3 devices should be available later this year. When you get a WPA3-enabled router, you'll also need WPA3-compatible client devices (e.g. phone, laptop, etc.) to take full advantage of the new features. The good news is that both WPA2 and WPA3 connections can be accepted at the same time with a new WPA3 router.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com