WPA3 is a year old and it seems it has a few flaws which still need to be ironed out, though it can still offer better protection than WPA2. The Inquirer describes this flaw in Simultaneous Authentication of Equals (SAE) handshake, dubbed Dragonblood, in this recent article. It is not a theoretical architectural flaw, indeed the researchers that discovered it could make use of it to brute-forcing an eight-character lowercase password with about $125 in Amazon EC2 instances; not good for a protocol which was intended to prevent all dictionary attacks.
The good news is that a change in the SAE algorithm could mitigate this specific flaw and as WPA3 is not yet widely adopted that is something which could be done before it does start to become mainstream.
"Launched in January 2018, WPA3 uses the Advanced Encryption Standard (AES) protocol to improve WiFi network security. However, a new research paper published by Mathy Vanhoef and Eyal Ronen shows that the protocol may not be as safe as previously thought."
Here is some more Tech News from around the web:
- Implementing Qi Inductive Charging Yourself @ Hackaday
- Orders from Huawei, AMD key to driving TSMC growth in 2Q19 @ DigiTimes
- Intel brings Optane and QLC NAND to a single M.2 memory chip @ The Inquirer
- Windows Subsystem for Linux distro gets a preening, updated version waddles into Microsoft's app store @ The Register
- Amazon Workers Are Listening To What You Tell Alexa @ Slashdot
- China responsible for just, oh, 20% of global semiconductor revenue in 2018, no biggie @ The Register
- The Witness Is FREE For A Limited Time! Get It Now! @ TechARP