Sunday, April 18, 2021
  • CPDP 2021 – Moderator: Ian Brown ‘User Choice And Freedom Through Portability And Interoperability Rights?’
  • CPDP 2021 – Moderator: Christian Wiese Svanberg ‘E2EE: Stuck Between A Rock And A Hard Place’
  • Idaho CISO Shares Experience from Public, Private Sectors
  • CommitStrip ‘Another Day, Another Daily’
  • Mapping “America First” Revival of the KKK

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Network Security Security Bloggers Network 

Home » Cybersecurity » Network Security » WPA3: What You Need To Know

WPA3: What You Need To Know

by Craig Young on June 29, 2018

Earlier this month, the Wi-Fi Alliance made a press release announcing the availability of WPA3.

Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts by leveraging a more modern key establishment protocol called Simultaneous Authentication of Equals (SAE). This mechanism has some commonality with the Diffie-Hellman key exchange and has already been deployed in some mesh network standards. In addition to thwarting offline password cracking attempts, SAE provides forward secrecy so that an attacker cannot decrypt previously recorded sessions even if the WPA3 passphrase is known.

Another huge enhancement in this announcement is the Wi-Fi Device Provisioning Protocol (DPP) to replace the readily exploitable Wi-Fi Protected Setup (WPS).

With DPP, devices can be authenticated to join a network without a password through various means including QR codes or NFC tags. Unlike existing options, however, this is not simply a mechanism for communicating the password but rather it is a way for devices to perform mutual authentication without a password.

WPA3 also promises to improve security for open networks such as guest or customer networks in coffee shops, airports, and hotels. Although the standard does not appear to protect against a rogue access point, it should prevent passive nearby attackers from being able to monitor communication in the air. This is because WPA3 supports password-free encryption between stations and access points, but does not seem to provide a way for devices to discern between legitimate and rogue access points.

Despite these vast improvements, there is likely no reason for anyone to be rushing out to buy a new router for WPA3 support. For starters, it is important to recognize that Wi-Fi has a long history (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Craig Young. Read the original post at: https://www.tripwire.com/state-of-security/featured/wpa3-what-you-need-to-know/

June 29, 2018June 29, 2018 Craig Young Featured Articles, Off Topic, router, security, WPA3
  • ← Data breaches, Fortnite flim-flam, and a whammy of a cyberattack | Avast
  • California GDPR →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs
Majority of Mobile App Vulnerabilities From Open Source Code
In the World of IoT Security, Lock Every Door
The Need for a Cybersecurity Protection Agency
Breach Clarity Weekly Data Breach Report: Week of April 12
The Week in Breach News: 04/07/21 – 04/13/21
Biden Admin Takes Action to Defend Electric Utilities Against Cyberattacks
How To Implement Biometric 2FA in a Cryptocurrency Wallet with Python, Flask and TypingDNA
Vice Apologizes for Faked Photos of Genocide Victims
Why Traditional Security Network Fails SMBs | Avast

Upcoming Webinars

Wed 21

Managing Open Policy Agent at Scale

April 21 @ 3:00 pm - 4:00 pm
Thu 22

A New Approach to Secure Web Gateways

April 22 @ 11:00 am - 12:00 pm
Mon 26

The Kubernetes Network (Security) Effect

April 26 @ 9:00 am - 10:00 am
Mon 26

Application Security: Moving at the Speed of DevOps

April 26 @ 1:00 pm - 2:00 pm
Wed 28

Cyber Attacks From the Open Source Perspective

April 28 @ 1:00 pm - 2:00 pm
Thu 29

Hack My Java Application: Demonstrating How Snyk and Red Hat Help Developers Stay Performant and Secure

April 29 @ 11:00 am - 12:00 pm
May 05

Managing Permissions and Entitlements is at the Core of a Zero Trust Model in the Cloud

May 5 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Three Wishes to Revitalize SIEM and Your SOC
Cybersecurity Data Security Endpoint Industry Spotlight Network Security Security Boulevard (Original) 

Three Wishes to Revitalize SIEM and Your SOC

April 16, 2021 Albert Zhichun Li | 2 days ago 0
Breach Clarity Weekly Data Breach Report: Week of April 12
Cybersecurity Data Security Identity & Access Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Breach Clarity Weekly Data Breach Report: Week of April 12

April 14, 2021 Kyle Marchini | 4 days ago 0
Securing Remote Health Care Post-COVID-19
Cloud Security Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Mobile Security Security Boulevard (Original) 

Securing Remote Health Care Post-COVID-19

April 14, 2021 Mike Nelson | 4 days ago 0

Top Stories

U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Incident Response IoT & ICS Security Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks

April 16, 2021 Richi Jennings | 2 days ago 0
YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Incident Response Malware Network Security News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs

April 14, 2021 Richi Jennings | 4 days ago 0
Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)
Analytics & Intelligence Application Security AppSec Cyberlaw Cybersecurity Deep Fake and Other Social Engineering Tactics Endpoint Featured Governance, Risk & Compliance Identity & Access Identity and Access Management Incident Response IoT & ICS Security Malware Network Security News Securing the Edge Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)

April 12, 2021 Richi Jennings | Apr 12 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘AI Methodology’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.