At the annual Vegas germ-fest CES, the Wi-Fi Alliance shouted to anyone who would listen about the soon-to-be-here WPA3, which will take the place of the ubiquitous but horribly flawed WPA2 (used by Wi-Fi communication everywhere).
WPA2 has problems galore, starting with the fact that anyone can kick anybody they fancy off a network with some software and a simple DEAUTH, and ending with the fact it just isn’t very secure.
All the big boys are in this Wi-Fi gang: Apple, Cisco, Microsoft, Qualcomm and Intel. They were chirping on about still trying to fix WPA2 whilst WPA3 is rolled out. Won’t hold my breath on that one.
Devices that are approved to have WPA3 should start seeing the light of day this year. What’s new? Well, they’ll include stuff like better help for idiots who use stupid passwords and easier setup for headless devices.
It should also support data encryption on an individual user level. A security researcher who knows his stuff tweeted that it might be using Opportunistic Wireless Encryption (OWE). OWE is likely to be an extension to 802.11.
As you know, the whole mess of the current four-way handshake uses a shared, public Pre-Shared Key (PSK), which is what gets them into a whole bucket of mess. This OWE thing uses a Diffie-Hellman key exchange instead, which is miles more secure.
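To see why that matters, here is an added example (mine for illustration, not Wi-Fi Alliance or OWE reference code) that derives a WPA2-Personal pairwise key from the passphrase plus values sent in the clear, then contrasts it with a per-client Diffie-Hellman exchange. The SSID, passphrase, MAC addresses and the toy DH group are constructed assumptions; real OWE uses standardized groups and its own key derivation.

```python
import hashlib, hmac, secrets

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa2_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    # 802.11i PRF: HMAC-SHA1(PMK, label || 0x00 || data || counter), concatenated
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, i = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        i += 1
    return out[:length]

# Toy Diffie-Hellman group, illustration only (assumption: this modulus is far
# too small for real use; OWE uses standardized groups and a proper KDF).
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def compare():
    # Constructed sample network and handshake values
    ssid, passphrase = "CafeGuest", "correct horse"
    ap, sta = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    # PSK: the key the client derives ...
    client_ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap, sta, anonce, snonce)
    # ... and the key any other passphrase holder derives from the MACs and
    # nonces, which cross the air unencrypted during the handshake.
    other_user_ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap, sta, anonce, snonce)
    results = {"psk_same_key": client_ptk == other_user_ptk, "ptk_len": len(client_ptk)}
    keys = []
    for _ in range(2):  # two clients associating with the same AP
        c_priv, c_pub = dh_keypair()
        a_priv, a_pub = dh_keypair()   # AP uses a fresh key pair per association
        assert dh_session_key(c_priv, a_pub) == dh_session_key(a_priv, c_pub)
        keys.append(dh_session_key(c_priv, a_pub))
    results["dh_keys_differ"] = keys[0] != keys[1]
    return results

if __name__ == "__main__":
    print(compare())
```

With the PSK, everyone holding the passphrase lands on the same key material; with the DH exchange, each client ends up with its own key and only public values ever cross the air.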
On top of that, there’s going to be a 192-bit security suite, which will be in sync with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, designed for Wi-Fi users with serious security needs like three-letter American agencies and governments.
So, maybe, finally, Wi-Fi will be a bit more secure than my Mother-In-Law’s password system. Which is writing all her passwords in a book next to her Mac. We can live in hope.