WPA3 Discussion - WPA3 is out!

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
04dco
DD-WRT Novice


Joined: 21 Nov 2017
Posts: 9
Location: Romania

PostPosted: Sun Jan 21, 2018 8:34    Post subject: WPA3 Discussion - WPA3 is out! Reply with quote
WPA3 has been released and with it come some new security features, will this new protocol be integrated in newer versions of DD-WRT or would we need new hardware?

https://blog.malwarebytes.com/security-world/2018/01/wpa3-will-secure-wi-fi-connections-in-four-significant-ways-in-2018/

_________________
-04dco
Sponsor
ian5142
DD-WRT Guru


Joined: 23 Oct 2013
Posts: 1916
Location: Canada

PostPosted: Sun Jan 21, 2018 14:39    Post subject: WPA3 Reply with quote
It should be able to be implemented in dd-wrt software. The problem is the clients would also have to support it. Client support is slow to say the least, Android has not even patched KRACK yet.
_________________
Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.

Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one, I am trying to update them.

Atheros:
TP-Link Archer C7 v2 x2 - WDS AP, WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - WDS Station
Linksys WRT400N - bricked
D-Link 615 C1 x 4 - not used
D-Link 615 E3 x 2 - WDS Station
D-Link 825 B1 - WDS Station
D-Link 862L A1 - WDS Station (Entware 3X)
Netgear WNDR3700v2 - WDS Station
TP-Link 1043nd v1, inactive, unstable hardware
UBNT loco M2 x2 - airOS

Broadcom
Asus N66U - backup Gateway
Netgear r6300 v1 - AP
Linksys E2500 - not used
Linksys EA2700 - not used
Linksys 160N v3 x2 - not used
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - Gateway, DHCP, QoS
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 664

PostPosted: Mon Jan 22, 2018 5:35    Post subject: Reply with quote
I guess you could start seeing it late this year. I am also guessing it would just need open source support, be it code, wireless chip firmware/driver updates... So, stay away from Marvell, or you may get it in 3 years or not at all, as the WRT1200 is an "old product" and they don't intend on any new updates for open source...

Sorry, went on a little rant there Wink

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r39144: WRT3200ACM, WRT1200ACv1, WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion Intrusion Detection System on Virtual Box, Fingboxes
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 657

PostPosted: Mon Jan 22, 2018 5:59    Post subject: Reply with quote
I wouldn't say WPA3 is out, it was merely announced at CES. Likely it won't be seen in any routers until hostapd which is what provides the AP functionality in DDWRT and other firmware gets updated to support it.

Then comes the fact that they are using 192bit AES encryption. If the hardware encryption support either in the SOC or WiFi chipset only supports the 128bit AES currently used in WPA2, that will mean the encryption will have to be done in software, expect a performance impact if that is the case.

If you will be on the market for a new router/ap this year, it would probably be best to just wait it out for new hardware that supports WPA3 specifically till we find out if current hardware can be upgraded to support it without impacting performance.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7452

PostPosted: Mon Jan 22, 2018 6:28    Post subject: Reply with quote
The most disappointing aspect of WPA3 is that like all previous wifi standards (WEP, WPA, WPA2, even WPS), this one has been developed by a closed, members-only, consortium. IOW, never open to scrutiny by the wider public. That's how we ended up w/ all these broken wifi protocols in the first place! When will ppl finally figure it out that keeping the issue of security and encryption a CLOSED process is a really bad idea. While not every problem can be anticipated, certainly some could have been had the wider public had the chance to examine it, because some mistakes are pretty dumb. WEP and WPS are particularly egregious. All the WPA3 announcement promises is that the closed process on WPA4 can now begin. Just tired of fix after fix dropping from from the wifi gods for us to accept, unchallenged.
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 281

PostPosted: Mon Jan 22, 2018 7:09    Post subject: Reply with quote
Unfortunately this will never be solved because the main driver for WPA3 (and the next standard WPA4) is military defense contractors who are trying to produce wifi that can't be eavesdropped on. And the liabilities in that sort of gear are such that they will always insist on a commercial group to create standards so that if there's a hole they can blame someone else.

Otherwise WPA3 solves basically nothing. They throw some candy in there for wifi networks that are public access/open networks but nowadays everyone should be using SSL to send their email passwords over wifi networks and shouldn't be depending on the wifi network to secure anything.

It isn't going to make things more secure for the general public.
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 657

PostPosted: Mon Jan 22, 2018 7:41    Post subject: Reply with quote
tedm wrote:
Unfortunately this will never be solved because the main driver for WPA3 (and the next standard WPA4) is military defense contractors who are trying to produce wifi that can't be eavesdropped on. And the liabilities in that sort of gear are such that they will always insist on a commercial group to create standards so that if there's a hole they can blame someone else.

Otherwise WPA3 solves basically nothing. They throw some candy in there for wifi networks that are public access/open networks but nowadays everyone should be using SSL to send their email passwords over wifi networks and shouldn't be depending on the wifi network to secure anything.

It isn't going to make things more secure for the general public.


Yeah and at least at this point WPA3 isn't necessarily needed. It't not like the case we had back in the WEP days where the encryption was fundamentally broken. Even with KRACK, WPA2 wasn't fundamentally broken. Id suspect at this point if someone hasn't found a way to break WPA2 other than dictionary attacks, it isn't going to be broken till someone finds a fundamental flaw in AES in which case 192bit AES probably won't be of any help anyways and there are going to be a ton of other issues besides WiFi if that ever happens considering how wide spread AES is used today between WiFi, VPNs, disk level file encryption, and so on.

And as far as public wifi APs go, between a lot of services using HTTPS these days, and the fact you really shouldn't use them without using a VPN tunnel anyways since you have no clue what that shop owner has on the other side of their public wifi, or if you are being MITMed by someone setting up a rogue AP with the same name as a legitimate public AP. WPA3 isn't going to fix these issues.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum