
Call for WPA3 - TrickyRick
https://github.com/d33tah/call-for-wpa3
======
viraptor
> That's pretty simple: don't accept DEAUTH packets from strangers.

Doesn't that basically enable stuck sessions? Unless you've got a perfect,
proven session recovery system that can work with any amount and selection of
dropped / error frames, you'll need a way to say "I don't know what's going
on, let's start again". With TCP you simply drop the connection and start
again. With Wi-Fi, what's the solution?

> This can be achieved using key derivation functions like PBKDF2 or Scrypt.

Yeah... no. That simply moves the cracking from the "crack the passphrase" to
"crack the resulting hash" scenario. We're already at that stage and that's
what's currently broken in attacks on the downgrade to RC4. It doesn't matter
what the original passphrase was.

> The problem exists because WPA2 has a fatal cryptographic flaw which allows
> the derivation of the master key which is shared across all connected peers.

Only in WPA2 Personal. At this point I give up. This is not a proposal... It's
more of a rant about the current state of things.

