Wpa3

unlo · 2018-06-26T14:40:19.813Z

WiFi alliance has published WPA3 OFFICIAL

please keep us up-to-date when this will be available

alzhao · 2018-06-30T17:54:53.605Z

We checked and seems there is still some work to do. We expect the earliest support for WPA3 will be end of this year. Openwrt may add a little bit late.

This is chip related I think.

tlymer · 2019-10-25T11:00:28.828Z

hi alzhao,

wpa3 is now available on ubuntu 19.10. Do you know when it will be available on the AR750 ?

Tony

Johnex · 2019-10-25T12:21:17.049Z

Seems like OpenWRT is still working on getting that ready, at least looking here:

OpenWrt Forum – 19 Sep 19

Wpa3 support in OpenWrt?

Which combinations exactly dont work?

My guess is when OpenWRT 19.07 is out, there might be support for it. Unfortunately 19.07 has been delayed since the summer, without any kind of hint as to when it will be released.

GL-iNet only makes new firmware’s based on the latest releases, so that customers have the most stable version. There is no point to develop on top of something that isn’t ready, just to fight with a lot of issues and bugs.

alzhao · 2019-10-26T04:22:30.919Z

WPA3 need to be supported by chipset, right?

Johnex · 2019-10-26T14:25:08.220Z

No, it looks to be just a protocol update, so software + firmware update only

tlymer · 2019-11-03T16:02:07.902Z

Thanks for your comments. I appreciate them. I am looking forward to the OPENWRT update becoming available.

sfx2000 · 2019-11-05T05:29:38.259Z

There’s a fair amount of interop issues with WPA3 and mixed clients - folks are working it…

It’s mostly the mixed-mode stuff and fallbacks for older client implementations for devices.

Johnex · 2019-11-07T16:29:52.326Z

Well seems like 19.06 won’t have WPA3 after all. Looking at these messages:

https://lists.infradead.org/pipermail/openwrt-devel/2019-October/019293.html
https://lists.infradead.org/pipermail/openwrt-devel/2019-October/019346.html

And the fact that 19.06 RC1 was released yesterday, it seems like WPA3 has been pushed back to version 20.03.

Sorry guys that wanted WPA3 soon.

sfx2000 · 2019-11-08T04:58:17.742Z

Here’s one example - folks are working thru challenges of WPA3, but please be patient.

Some of it is OpenWRT devs, and also upstream - and client interoperability is an absolute must - this particular checkin is touching just one item.

commit 3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8
Date:   Mon Oct 28 19:10:14 2019 +0100

hostapd: enable PMKSA and OK caching for WPA3-Personal

This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.

This should not degrade security, as there's no external authentication
provider.

Tested with OCEDO Koala and iPhone 7 (iOS 13.1).

Johnex · 2019-11-08T14:33:56.695Z

Some people might not be aware but having WPA3 on a GL router does not guarantee that you will even be able to use it.

For example, users on Windows need to be running the May 2019 Update, and for example with Intel cards which most laptops use, only these have support for WPA3:

Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260

My 2 year old laptop did not have one of those cards, but i did swap it out for another reason.

Apple users need to be on iOS13 or later.

Android users need to use Android Q aka Android 10, which is also a limited list of devices that currently have it:

Google Pixel 4
Google Pixel 3 / Pixel 3 XL
Google Pixel 3a / Pixel 3a XL
Google Pixel 2 / Pixel 2 XL
Google Pixel / Pixel XL
Essential Phone
OnePlus 7T
OnePlus 7T Pro

Samsung, Huawei and others will probably only update their latest flagships to Android 10, all older phones will be left in the dark as usual. Those updates won’t happen until the beginning of 2020.

And the cherry on top is this:

XDA Developers – 13 Jan 21

These are the WiFi 6e routers announced at CES 2021

Wifi 6e routers have made their big debut at CES this year. But when will be be able to buy them and what are the benefits? Look no further.

The Wi-Fi Alliance then made some suggestions on how to fix it, which ironically caused more side attacks, woopsie

It will probably only be fixed when WPA3.1 or something like that is made standard in another 10 years.

You can read more directly from the researchers that found the vulnerabilities here:

wpa3.mathyvanhoef.com

Dragonblood: Analysing WPA3's Dragonfly Handshake

This website presents the Dragonblood Attack. It is a collection of attacks against the WPA3 protocol, which mainly abuse the password element generation algorithm of WPA3's Dragonfly handshake.

So kids, stick to using LAN cables if you want to be more secure or always use a VPN when on wifi

sfx2000 · 2019-11-09T04:13:48.964Z

Johnex:

You can read more directly from the researchers that found the vulnerabilities here:

https://wpa3.mathyvanhoef.com/

So kids, stick to using LAN cables if you want to be more secure or always use a VPN when on wifi

WPA3 has it’s issues… it’s not as bad as it sounds, as 2019 seems to be the year of “named” vulnerabilities - meltdown/spectre anybody?

The bigger problem is stupid clients on wifi period - case in point - Ring Doorbells sending credentials in plaintext

In the larger scope however, unless all equipment on the WLAN is WPA3, one will have to run in mixed mode to support WPA2 clients.