I see your wireless password is early adopter

Subject: General Tech | April 11, 2019 - 12:25 PM |
Tagged: WPA3, wireless, security, bug, dragonblood, sae

WPA3 is a year old and it seems it has a few flaws which still need to be ironed out, though it can still offer better protection than WPA2.  The Inquirer describes this flaw in Simultaneous Authentication of Equals (SAE) handshake, dubbed Dragonblood, in this recent article.  It is not a theoretical architectural flaw, indeed the researchers that discovered it could make use of it to brute-forcing an eight-character lowercase password with about $125 in Amazon EC2 instances; not good for a protocol which was intended to prevent all dictionary attacks. 

The good news is that a change in the SAE algorithm could mitigate this specific flaw and as WPA3 is not yet widely adopted that is something which could be done before it does start to become mainstream.

WFA_Alliance_Flat_Print_HR_NY.png

"Launched in January 2018, WPA3 uses the Advanced Encryption Standard (AES) protocol to improve WiFi network security. However, a new research paper published by Mathy Vanhoef and Eyal Ronen shows that the protocol may not be as safe as previously thought."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer