WPA3 - What Now?

You might remember the horror news back in October 2017. Through forcing nonce reuse it was able to break WPA2, the current protocol used world-wide for Wi-Fi networks. Everyone freaked out, someone had found out how to basically crack any wireless connection ever made. Fortunately it was possible to patch (also backwards-compatible) the issue and vendors have reacted quickly.

Now, few months later, the Wi-Fi Alliance announced the planned release of WPA3. Not only is this supposed to fix all the security concerns of the 2003-introduced WPA2 standard, but also implement further security steps to ensure a safe Wi-Fi connection around the globe. It is meant to include robust protection because “Wi-Fi security technologies may live for decades, so it’s important that they are continually updated to ensure they meet the needs of the Wi-Fi industry”. An example of such a “step” is the introduction of an encryption called “Opportunistic Wireless Encryption” which offers encryption without authentication.

WPA3 will be ready for the future, that’s what the Wi-Fi Alliance hopes at least. We live in 2018 but weak password choices by users are still a huge problem. WPA3 adresses this and manages to secure devices even though the password is considered weak. With the uprise of IoT, WPA3 also allows better control of settings concerning anything Wi-Fi related, even without any sort of graphical display. Last but not least, with WPA3 government buildings or the military is given the opportunity to use Wi-Fi in a much broader environment where additional security requirements are inalienable.

Let’s see what 2018 brings - and how long it will take Mathy Vanhoef to crack the protocol this time ;-)