Downgrade attacks:<p>WPA3 has a transitional mode which allows legacy WPA2 clients to connect. In this mode legacy WPA2 security issues are still present. Is this really a discovery or a given? How is WPA3 supposed to protect against it without requiring either WPA2 clients to be upgraded to support WPA3 security fixes (in which case you don't need WPA2 support anymore anyways) or without dropping support for transitional mode? 802.11w fixes much of this but WPA2 didn't mandate support for this which is one of the big reasons WPA3 is so much better.<p>Dragonfly downgrade:<p>"The hack can force the access point to use a different curve, presumably one that’s weaker." note: not "The hack can force the access point to use a different curve, one that’s weak.".<p>Side channel leaks:<p>Are failures in implementations not WPA3. If you're allowing local timing attacks while generating your keys it doesn't really matter what protocol you're using you've just failed. A real discovery of things in the wild that need to be fixed but nothing to do with the security of the specification.<p>Denial of service:<p>It's far more effective and simple to DoS the air than to DoS the APs CPU anyways. Always has been always will be. Besides, would you rather it be faster and have the AP expose side channel attacks instead?<p>"dragonblood":<p>Makes me think some researchers were out for their 5 minutes of fame with a cool sounding "vulnerability". To be a little less critical the researches discovered in-the-wild side channel attacks on popular client implementations of the crypto (but that doesn't sound as cool as "serious flaws leave WPA3 vulnerable".
For some reason I'm surprised we've had so many issues with Wi-Fi security.<p>I don't know if it was addressed in WPA3 (or if it would be addressed there), but my understanding is that a good chunk of the protocol isn't authenticated at all, such as the de-auth packets.<p>In a world with growing HTTPS support, OpenVPN, WireGuard, etc. and we can't secure a wifi network with a shared key?
My dream is to eliminate PSK from all the networks I care about/am responsible for, but it's really challenging to deploy 802.1X in anything but a fully managed enterprise (and also hard when you also have random other IOT/etc. type devices; usually the "important" ones you can just put onto wired network, and the unimportant ones go onto dedicated psk, but it's still a pain.<p>Still hate it all less than captive portals (which I hate so so much), but it's pretty annoying.
Aside: “A valid SSID is 0-32 octets with arbitrary contents”<p>An SSID is up to 16 bytes of arbitrary data e.g. 16 nulls is a valid SSID - I wonder how many UI flaws (or security flaws) result from that decision...<p>Why wouldn’t WPA3 introduce sane limitations on SSIDs?
Why can't a Wi-Fi encryption standard be developed in the open and added to IEEE 802.11 as another annex? Or at least what's to keep people like us from making our own standard in the open and implement it in our own systems at least?
The paper underlying this article : <a href="https://papers.mathyvanhoef.com/dragonblood.pdf" rel="nofollow">https://papers.mathyvanhoef.com/dragonblood.pdf</a>