> Unfortunately, our attacks against WPA3 also work against EAP-pwd, meaning an adversary can even recover a user's password when EAP-pwd is used. We also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password.
> Due to the severity of some of our (implementation-specific) attacks against EAP-pwd, we will briefly delay the release of the full details of the vulnerabilities that we discovered. Please use this short time window to update your devices, we plan to provide the full details in as little as a few hours.
I don't get it. Everything is super easily spoofed/hacked. You have to design your shit from the PCB up with proprietary everything to ensure any remote possibility of security.
Thomas Gomez
welp
Leo Long
WPA2 is not easy lol
super nice. I havent paid for internet in 4 years.
Samuel Martinez
imagine pushing a cryptographic protocol for standardization without proper public peer review process
Luke Sanchez
just use randomly generated 35 character password for your WPA2 hackers on suicide watch
WPA2 doesn't fucking matter in normie space because WPS is fucking broken so you just sidestep WPA2 and pwn the router by brute forcing the pin with reaver.
Takes like five minutes and a $50 antenna that injects.
Tyler Ross
I bet your WPS is wide open for reaver pin cracking
Cooper Peterson
>not using pfSense >not configuring your own goddamn router you built from parts
Samuel Murphy
Sounds like a classic backdoor.
Ian Bell
nope
Ayden Murphy
That would be called "security through obscurity" and it's about as effective as building a house out of cardboard. The only actual advantage, is that it *delays* the exposure of flaws. It's not a permanent fix.
Lincoln Perez
>not easy
If that isn't easy it makes me lol to think what very easy would be.
Brody Moore
So.... backdoor discovered?
Carson Rivera
To everyone in this thread, here's what happened. WPA3 was going to be really, really good. It would be a major shakeup in the way we think of Wi-Fi security. You could have a public access point that is encrypted, providing at least some level of protection on those networks. You could easily add headless IoT devices to a WPA3 network. The encryption was going to get stronger. wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements Everything was good
Then (((someone))) decided to fuck it all up. When they actually released this thing, they completely destroyed its true potential. The encrypted public networks, now dubbed Enhanced Open, were no longer part of WPA3. Neither was the IoT security, now dubbed EasyConnect. This means that WPA3-compliant products don't have to support those features. You're at the mercy of the vendor to support these extra standards. Possibly even worse though, they stripped the improved cryptographic strength. Now it's only available in WPA3-Enterprise. It doesn't exist in WPA3-Personal. wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security Now the whole thing is being held up by the foundation of this secure key establishment protocol, now referred to as the Dragonfly handshake. Something that was clearly not tested properly. It's almost like WEP all over again. WEP was supposed to be "Wired-Equivalent Privacy", but there was no public review or even any kind of audit, so it was a massive failure. Looks like nobody learned their lesson, and here we are.
>WPA3 was going to be really, really good. seemed good on paper. cannot deny that. >Then (((someone))) nsa/us government? >Possibly even worse though, they stripped the improved cryptographic strength. sounds like something nsa would suggest. >Now it's only available in WPA3-Enterprise. It doesn't exist in WPA3-Personal. what retards. this shit is inexcusable.
Alexander Gonzalez
Who knows. Could be clueless boomers at the alliance. Could be a three-letter. Could be some tech company. Whatever the case, it caused WPA3 to turn come out worse.
Bentley Allen
>turn come wew
Joseph Ramirez
satan
Ryder Gomez
>Whatever the case, it caused WPA3 to turn come out worse. indeed, not looking good at all.
Nolan Moore
I briefly skimmed through the details, it looks nothing like a backdoor. More like a downgrade attack, coupled with the fact that wi-fi requires no user interaction, so many things are left at the client discretion. Considering that there's barely 1% of devices which support 802.11ax and all of them are new, I believe everything will be patched, and if not - it'll be WPA2 at worst, which is quite fortified itself. tl; dr: Jow Forums is pulling "finished and bankrupt" as always.
