
WPA3 Wifi Security Protocol Announced - melzarei
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
======
dmix
A critical problem I see that needs solving is the Starbucks style open wifi
login pages that fail to redirect when trying to visit HTTPS sites.

A new secure authentication system is needed for these set ups.

I’m blanking on the name of them but clearly they are widely deployed and
likely causing lots of regular people to have trouble connecting to pages
because they tried to connect to Facebook instead of an HTTP site.

~~~
Kliment
Captive portals? Browsers and some mobile devices have a workaround where on
new wifi connections they try to connect to a particular url and if that gives
unexpected content they know it's a captive portal and prompt you to log in.
But ideally this would be in the network descriptor somehow.

~~~
dawnerd
I wish gogo worked with this. I've ended up bookmarking
[http://captive.apple.com](http://captive.apple.com) just to trigger their
login page.

~~~
teekert
I have had this problem as well, and it became increasingly difficult to find
non-https domains so I started using one of my own sub-domain for it (I needed
it on the dutch railway system). But recently, Ubuntu added a captive portals
catcher and gives a small browser window to login (I think it tries to contact
an Ubuntu sub-domain first to test the connection, you can turn it off if you
want). This is very handy!

~~~
zootboy
Why is this a problem? Just mash some keys and add a .com to the end. The
portal doesn't check if the domain is real or not, it just intercepts all DNS
requests until you've logged in.

~~~
Kliment
and for the rare cases of those that don't, you can tunnel data over dns

------
sohkamyung
I would keep a wary eye open until actual specifications are announced and
publicly available.

If history is any guide, some parts of it might become security mis-features,
like Wi-Fi Protected Setup (WPS) which became a security issue because it
allows WPS PIN recovery.

Also note that the IEEE controls the actual wireless specification as IEEE
802.11 and also specifies the actual encryption standards used during wireless
transmission and reception (this used to be called IEEE 802.11i-2004 [1]).

My educated guess is that WPA3 won't change the block cyphers used to encrypt
data (AES-CCMP) and the initial handshaking protocol as that is part of the
IEEE Spec and cannot be changed by the Wi-Fi Alliance. Instead, it may specify
additional requirements that clients have to fulfill before connecting (like
public key certificates and proof of identities).

[1]
[https://en.wikipedia.org/wiki/IEEE_802.11i](https://en.wikipedia.org/wiki/IEEE_802.11i)

------
userbinator
Where can I actually read the spec? I'm not even much of a cryptographer, but
I'm curious --- and the closed attitude is a contributing factor to things
like this:

[https://blog.cryptographyengineering.com/2017/10/16/falling-...](https://blog.cryptographyengineering.com/2017/10/16/falling-
through-the-kracks/)

~~~
adyavanapalli
This is just the announcement that they're _going_ to build the spec XD

------
0x0
Is WPA3 going to require new hardware (wifi client cards/chips, wifi routers)
or will it be possible to add WPA3 support via a software update in common
operating systems?

------
lloeki
One feature I wish to see is some form of AP authentication, maybe with TOFU
and some PK pinning. That is currently, name an AP the same as another and a
machine that had the AP name saved will try to connect to it. If you name an
AP "Apple Store" or "Starbucks" you can watch devices connect (with their real
MAC even, defeating MAC randomization used when scanning for APs), and if it's
an open AP or you got hold of the passphrase, monitor and possibly MITM
connections.

~~~
KozmoNau7
We definitely need some kind of mechanism to authenticate APs, right now we
only have the SSID and MAC, both of which are trivial to spoof.

There isn't even any collision detection, nothing stopping you from giving
your AP the same SSID as an already present AP, and clients will helpfully
connect to whichever one has the strongest signal, which is probably going to
be the rogue AP right next to you, rather than the actual Starbucks AP at the
other end of the store. According to 802.11, APs with identical names are
considered to be part of the same network, no questions asked.

I consider it a fundamental flaw of wifi, alongside the boneheadedness of WEP
("wired equivalent protection"... Yeah right, pull the other one), and the
idiotic layout of channels in the 2.4GHz spectrum.

The only way to use wifi as a consumer is with WPA2 (AES only, no TKIP) a
randomly generated strong passkey, and all smart features turned way _off_
(security holes such as WPS). For any AP that you haven't personally set up
and vetted, and _especially_ open public APs, a VPN connection is absolutely
mandatory. And I still wouldn't trust it 100%.

~~~
leni536
_There have been proposals to use IEEE 802.11u for access points to signal
that they allow EAP-TLS using only server-side authentication._ [1]

It's more of an implementation and UI problem. The required standards already
exist, no need to wait for WPA3.

[1] [https://en.wikipedia.org/wiki/IEEE_802.11u#EAP-
TLS](https://en.wikipedia.org/wiki/IEEE_802.11u#EAP-TLS)

[2]
[https://web.archive.org/web/20131126183610/http://riosec.com...](https://web.archive.org/web/20131126183610/http://riosec.com/open-
secure-wireless-2.0)

------
0xcde4c3db
> Another feature will strengthen user privacy in open networks through
> individualized data encryption.

WPA1 can arguably be forgiven a lot of shortcomings given its circumstances,
but I never understood why this wasn't in WPA2. I understand that the station
can't authenticate the AP in this case, but it still seems like it's strictly
better for the traffic to be encrypted. What am I missing?

~~~
wmf
The same reason browsers don't allow self-signed certificates, I guess. Those
security people think a false sense of security is worse than no security.

~~~
zrm
The false sense of security is what WPA2 gives anyway. Coffee house has a
password on their wifi? Great, then only someone with the password can
impersonate the AP, which is only... everyone.

You can't tell everybody something and still use it as a secret.

What they should be doing is putting the public key of the AP on the wall as a
QR code.

Or the real solution, which is for everything to be end-to-end encrypted
regardless.

~~~
kabes
> What they should be doing is putting the public key of the AP on the wall as
> a QR code

Except if the attacker has his own QR code stickers.

~~~
QasimK
If it’s inside a coffee shop or other physical locations the attempt is likely
to be caught. Or, put the code inside a photo frame making it easier for staff
to distinguish.

------
bhaavan
Now if only I could run `apt-get update && apt-get upgrade` on my router's
firmware to support this.

------
philsnow
Fine, but in addition everything you do should be encrypted end to end as well
as you can. Use httpseverywhere. Use privacy badger.

~~~
dimensi0nal
Privacy Badger forces you to send the DNT header, making your browser far more
vulnerable to fingerprinting. Just use the relevant filter lists in uBlock
Origin.

~~~
majewsky
How does DNT make you more vulnerable to fingerprinting? Because there's fewer
people that DNT than who don't, or am I missing something else?

~~~
KozmoNau7
Yes, because it's an option you specifically have to set as a user, most
people don't bother (or don't know about it), so simply by setting the flag,
you're making yourself easier to identify.

------
na85
Can anyone comment on the efficacy of the CNSA algorithm they are planning to
use?

~~~
hlieberman
CNSA isn't an algorithm. It's the NSA's update to what used to be called
"Suite B". It's a set of algorithms that NSA recommends for use in National
Security Systems (classified systems that use unclassified algorithms).

Currently, that's AES-256, ECDH over P-384, ECDSA over P-384, SHA-384, and
then also RSA/DH with a >3072 modulus.

~~~
na85
So is WPA3 defective by design, then? I sure don't trust modern NSA-designed
algorithms.

~~~
jitl
These are publicly designed algorithms that are widely used. It just so
happens that the NSA also recommends then.

~~~
ktta
P-256 and P-384 have some "NSA" stigma associated with them though.

------
chb
Just in time for CES!

