wpa2   340

« earlier    

With WPA3, Wi-Fi security is about to get a lot tougher
The lack of security on open, public WiFi networks has long been a security woe for internet users. But these woes will be addressed with WPA3, replacing the less secure WPA2 standard. "The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices.

WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated." - Zack Whittaker, ZDNet
otf  wifi  wpa3  wpa2  security 
10 days ago by dmcdev
Falling through the KRACKs – A Few Thoughts on Cryptographic Engineering | https://blog.cryptographyengineering.com/
The IEEE has been making a few small steps to ease this problem, but they’re hyper-timid incrementalist bullshit. There’s an IEEE program called GET that allows researchers to access certain standards (including 802.11) for free, but only after they’ve been public for six months — coincidentally, about the same time it takes for vendors to bake them irrevocably into their hardware and software.

This whole process is dumb and — in this specific case — probably just cost industry tens of millions of dollars. It should stop.

In the end we all know that the answer is for humans to stop doing this work. We need machine-assisted verification of protocols, preferably tied to the actual source code that implements them. This would ensure that the protocol actually does what it says, and that implementers don’t further screw it up, thus invalidating the security proof.
formalverification  security  crypto  wifi  wpa2  vulnerability  humanerror 
9 weeks ago by kme

« earlier    

related tags

2017  802.11i  802.1x  a:alex-hudson  aircrack  airodump  apple  article  attack  authentication  block  blog  bug  cartoon  cipher  comp3911  computer_security  connected_devices  crack  cracking  crittografia  crypto  cryptography  cybersecurity  encryption  exploit  fail  formalverification  fortinet  github  go  golang  hack  hacking  hashcat  hccap  hole  htc-krack  humanerror  ieee  ifttt  informatiebeveiliging  information-security  information  infosec  internet.of.shit  internet  internet_of_things  iot  key  keystream  krack  krak  meru  michael  mode  network  networking  nsa  otf  p:alex-hudson  pentesting  pocket  protocol  read  reinstallation  security  ssl  standard  standards  stream  test  theguardian  tls  tutorial  uh-oh  vulnerabilities  vulnerability  wi-fi  wifi  wireless  wlan  wpa  wpa2-krack  wpa2crack  wpa3 

Copy this bookmark: