upvote

points

by kd91317 hours ago |
comments
upvoteby supernetworks_17 hours ago|
next
[-]
WPA3 moved from PBKDF to ECDH. AES CCMP and GCMP are still the underlying block ciphers in WPA3 with some other extensions for China
reply
upvoteby tptacek16 hours ago|
prev|
next
[-]
For what it's worth, cryptography engineers were generally not happy with the Dragonfly PAKE, and PQC was a legitimate concern even in 2012.
reply
upvoteby dlcarrier15 hours ago|
prev|
next
[-]
Just yesterday I used an IoT device with WEP as the only WiFi option. Needless tosay, I use the wired connection.

The say the 's' in IoT stands for secure, and from my experience that is true. Pretty much nothing is getting thrown out, because it isn't secure.

reply
upvoteby evil-olive16 hours ago|
prev|
[-]
WPA3 was announced in 2018 [0]. I don't think it's reasonable to blame them for not anticipating the next decade of cryptographic research.

...but even if they had, what realistically could they have done about it? ML-KEM was only standardized in 2024 [1].

also, the addition of ECDH in WPA3 was to address an existing, very real, not-theoretical attack [2]:

> WPA and WPA2 do not provide forward secrecy, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past, which could be passively and silently collected by the attacker. This also means an attacker can silently capture and decrypt others' packets if a WPA-protected access point is provided free of charge at a public place, because its password is usually shared to anyone in that place.

0: https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#WPA3

1: https://en.wikipedia.org/wiki/ML-KEM

2: https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Lack_of...

reply
upvoteby ndriscoll16 hours ago|
parent|
[-]
Does it matter if an attacker can decrypt public wifi traffic? You already have to assume the most likely adversary (e.g. the most likely to sell your information) is the entity running the free wifi, and they can already see everything.
reply
upvoteby bdamm16 hours ago|
parent|
next
[-]
It is precisely because the operator of the wifi is not necessarily the adversary a user may be most concerned about. They may be, but they are not the only one. They are the one you know can be, but they aren't the only one.
reply
upvoteby evil-olive15 hours ago|
parent|
prev|
[-]
> You already have to assume the most likely adversary is the entity running the free wifi

why do you have to assume that?

you're at Acme Coffeeshop. their wifi password is "greatcoffee" and it's printed next to the cash register where all customers can see it.

with WPA2 you have to consider N possible adversaries - Acme Coffee themselves, as well as every single other person at the coffeeshop.

...and also anyone else within signal range of their AP. maybe I live in an apartment above the coffeeshop, and think "lol it'd be fun to collect all that traffic and see if any of it is unencrypted".

with WPA3 you only have to consider the single possible adversary, the coffeeshop themselves.

reply
upvoteby ndriscoll14 hours ago|
parent|
[-]
Because it's a near certainty (at least in the US) that businesses will spy on you to the extent that they can, but it's actually incredibly rare to be around a nerd with Wireshark? Things like facebook used to not use https long after public wifi was ubiquitous and you could easily sniff people, and it basically didn't matter. Now nearly everything uses TLS so it really doesn't matter. Actually most public wifi I encounter has no security.
reply
upvoteby evil-olive6 hours ago|
parent|
[-]
> Actually most public wifi I encounter has no security.

that was also one of the things fixed [0] in WPA3.

it sounds like you don't consider it relevant to your personal threat model. but the experts in charge of the standard apparently thought it was important to have in general.

0: https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encrypt...

reply