Wednesday, November 14, 2018
  • VERT Threat Alert: November 2018 Patch Tuesday Analysis
  • Comparing the OWASP Top 10 to the Real-World Top 10
  • Guest Blog: Why it’s Critical to Orchestrate PKI Keys for IoT
  • Introducing Firefox Sync centered around user privacy
  • DPIAs and why every organisation needs to conduct them

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Network Security Security Bloggers Network 

Home » Cybersecurity » Network Security » WPA3: What You Need To Know

WPA3: What You Need To Know

by Craig Young on June 29, 2018

Earlier this month, the Wi-Fi Alliance made a press release announcing the availability of WPA3.

Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts by leveraging a more modern key establishment protocol called Simultaneous Authentication of Equals (SAE). This mechanism has some commonality with the Diffie-Hellman key exchange and has already been deployed in some mesh network standards. In addition to thwarting offline password cracking attempts, SAE provides forward secrecy so that an attacker cannot decrypt previously recorded sessions even if the WPA3 passphrase is known.

Another huge enhancement in this announcement is the Wi-Fi Device Provisioning Protocol (DPP) to replace the readily exploitable Wi-Fi Protected Setup (WPS).

With DPP, devices can be authenticated to join a network without a password through various means including QR codes or NFC tags. Unlike existing options, however, this is not simply a mechanism for communicating the password but rather it is a way for devices to perform mutual authentication without a password.

WPA3 also promises to improve security for open networks such as guest or customer networks in coffee shops, airports, and hotels. Although the standard does not appear to protect against a rogue access point, it should prevent passive nearby attackers from being able to monitor communication in the air. This is because WPA3 supports password-free encryption between stations and access points, but does not seem to provide a way for devices to discern between legitimate and rogue access points.

Despite these vast improvements, there is likely no reason for anyone to be rushing out to buy a new router for WPA3 support. For starters, it is important to recognize that Wi-Fi has a long history (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Craig Young. Read the original post at: https://www.tripwire.com/state-of-security/featured/wpa3-what-you-need-to-know/

June 29, 2018June 29, 2018 Craig Young Featured Articles, Off Topic, router, security, WPA3
  • ← GitHub Account of Gentoo Linux Hacked, Refrain from Using Its Code
  • California GDPR →
Featured Blog

Secure Code Warrior

Why financial institutions are leading the charge to upskill their developers in secure coding

Secure Code Warrior

Why SQL Injections Are The Cockroaches of the AppSec World (and how CISOs can eradicate them once and for all)

Secure Code Warrior

A Brighter Future For DevSecOps? It’s Closer Than You Think

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Data Security Spotlight: Protecting Electoral (and Everyday) Data
Hackers Exploit Recently Patched ColdFusion Vulnerability
The Changing Face of Web Application Security
User Experience: Achieving Performance and Security
The Top 5 Industries Grappling with Bad Bots
3 DevOps Security Challenges & How to Overcome Them
How to choose the best password manager | Avast
How to Increase Security in Your Smart Home
Your Definitive Guide to Information Security Conferences in 2019
Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability

Upcoming Webinars

Tue 27

2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyber Defenses

November 27 @ 11:00 am - 12:00 pm
Thu 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

451 Research: Securing Open Source

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

The Top 5 Industries Grappling with Bad Bots
Cybersecurity Industry Spotlight Malware Security Boulevard (Original) 

The Top 5 Industries Grappling with Bad Bots

November 13, 2018 Reid Tatoris | Yesterday 0
The Changing Face of Web Application Security
Application Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

The Changing Face of Web Application Security

November 12, 2018 Tiffany Olson Kleemann | 2 days ago 0
Data Security Spotlight: Protecting Electoral (and Everyday) Data
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Data Security Spotlight: Protecting Electoral (and Everyday) Data

November 9, 2018 Steve Marsh | 4 days ago 0

Top Stories

Convergence of Security, Networking Services Accelerates
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Convergence of Security, Networking Services Accelerates

November 13, 2018 Michael Vizard | Yesterday 0
Hackers Exploit Critical Flaw in WordPress GDPR Compliance Plug-in
DevOps Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Hackers Exploit Critical Flaw in WordPress GDPR Compliance Plug-in

November 13, 2018 Lucian Constantin | Yesterday 0
Hackers Exploit Recently Patched ColdFusion Vulnerability
DevOps Network Security News Security Boulevard (Original) Vulnerabilities 

Hackers Exploit Recently Patched ColdFusion Vulnerability

November 12, 2018 Lucian Constantin | 1 day ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.