« previous next »
Pages: [1]   Go Down

Author Topic: Problems with new WPA3 Standard  (Read 755 times)

Offline gunug

  • TS Addict
  • *****
  • Posts: 6710
  • TS Palindrome
    • View Profile
Problems with new WPA3 Standard
« on: August 05, 2019, 08:12:05 AM »
I don't think I've been offered the choice of using WPA3 yet but I suppose it's only a matter of time:

Quote
August 2019 — During our initial disclosure, the Wi-Fi Alliance privately created security recommendations to mitigate our attacks. In these recommendations, they claim that Brainpool curves are safe to use, at least if products securely implement Dragonfly's quadratic residue test (i.e. it must be implemented without side-channel leaks). However, we found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake of WPA3. In other words, even if the advice of the Wi-Fi Alliance is followed, implementations remain at risk of attacks. This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard. It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept.

"Fortunately, as a result of our research, both the Wi-Fi standard and EAP-pwd are being updated with a more secure protocol. Although this update is not backwards-compatible with current deployments of WPA3, it does prevent most of our attacks.

The new side-channel leak is located in the password encoding algorithm of Dragonfly. This algorithm first tries to find a hash output that is smaller than the prime of the elliptic curve being used. With the default NIST curves, such a hash output is practically always found immediately. However, with Brainpool curves, several iterations may have to be executed before finding a hash output smaller than the prime. The number of iterations that didn't have such a valid hash output depends on the password being used and on the MAC address of the client. Simplified, the resulting timing and execution differences can be measured by an adversary. For example, in Figure 1 below, we can see that for the blue and orange MAC addresses (i.e. clients) the desired hash output was, on average, found in different iterations."


https://wpa3.mathyvanhoef.com/#new
Logged
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
    • View Profile
    • Mid-South Weather
Re: Problems with new WPA3 Standard
« Reply #1 on: August 05, 2019, 08:48:40 AM »
Quote
I suppose it's only a matter of time
That time will probably be shorter than the time it may take me to understand what is written in that quotation. The only sentence I understand is:
Quote
The number of iterations that didn't have such a valid hash output depends on the password being used and on the MAC address of the client.
Although I have to assume that still means 'the longer the password, the more security'. We have no control over the MAC address, so we're dependent on the password.
Logged
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:

Offline gunug

  • TS Addict
  • *****
  • Posts: 6710
  • TS Palindrome
    • View Profile
Re: Problems with new WPA3 Standard
« Reply #2 on: August 05, 2019, 03:20:17 PM »
Don't they mean that the MAC address could dictate a greater or lesser settings inherent in the way the computer at that MAC address was set up?

I don't know either I guess; I just thought it was interesting that the thing isn't out yet (beyond Beta) and already it's flakey!
Logged
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"
Pages: [1]   Go Up
« previous next »