Will WPA3 work on existing hardware?

security

#1

WPA3 was kind of / sort of announced at CES without any detail. Do we know enough about it to know if it requires new hardware or will be just a software update?


#2

Supposedly it will just require a software update, but, from what I’ve read, devices have to be WPA3-certified - so I’m not sure if the Omnia will be able to support it or not. I think we will just have to wait and see.

Source: http://www.androidpolice.com/2018/01/09/wi-fi-alliance-announces-wpa3-security-protocol-protecting-wireless-devices/


#3

Any chance that somebody from the Turris Omnia team could respond to the question?


#4

Hi,

Not sure what kind of answer you expect. AFAIK there are no final or even DRAFT WPA3 specifications. Only after that can chipset and card manufacturers validate their products - and the Turris team is neither of those. If Compex (manufacturer of both WLAN cards) or someone else announces that the cards are compatible, the Turris team can react and look for appropriate drivers or so.


#5

I’m almost (very almost) sure WPA3 can be “just” a software update. Very simply said, it is a handshake process improvement/hardening over the existing WPA2 protocol (and some more features, of course). It is known to exist in Linux already, but after the KRACK vulnerability, development and certification were accelerated.
In my opinion manufacturers will just say “new hardware is needed” because firmware update development, testing, and the re-certification process of old devices (both APs and clients) by the Wi-Fi Alliance,… is more expensive than promoting a “super secure router with WPA3” and increasing sales of new devices by artificially invoked panic about WPA2 “old routers”.
So good for us - with an open source / open HW platform it should be possible to receive updates from upstream. In the worst case, when new HW is really needed, it is enough to just replace the radio in the router.


#6

Based on recent media in relation to WPA3 and the press release https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements, then I would assume that WPA3 has already been finalized and released to hardware manufacturers.

Assuming that the above two points are correct, then I’m curious if Turris Omnia is intending on providing support for the standard? Are they investigating the option?

After all, the Turris Omnia was billed as a “secure” router that will be kept up to date, so I’m curious what are their intentions?


#7

Hello guys,
We received a similar question a month ago, but I need to be honest. All the answers you got are correct.

At CES, a new security protocol for Wi-Fi devices, WPA3, was introduced.
There aren’t many details about WPA3. We are following the development of WPA3. We’d like to have support for WPA3 on Turris 1.x and also on Turris Omnia, but it depends on how things go with certifications.

We don’t even know the final specifications of WPA3, so we’ll see in late 2018.


#8

After KRACK was “fixed” on very recent hardware, Wi-Fi is as insecure as it was before, and WPA3 will be more secure only until new vulnerabilities are discovered (and they will be).
Don’t forget that both AP and client must support WPA3, so before client devices are supported (it won’t be 2018) there’s no need to have APs supporting WPA3. How often do you change clients?
I believe the TO team will try to implement WPA3 as soon as it is available, but they depend on Wi-Fi HW manufacturers and upstream. There’s not so much they can do proactively.

Edit: this was written at the same time when @Pepe posted so sorry for possible duplication


#9

Glad to hear it … that’s good news. :)


#10

It appears that WPA3 is finalized and released

https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security


#11

Software support still needs to roll out. I haven’t seen a new hostap or wpa_supplicant released yet.


#12

WPA3: A Missed Opportunity


#13

Makes WPA3 seem to be more of window dressing…


#14

As expected. Good news is that there’s no need to replace HW.
Of course it depends on whether black-box router manufacturers will provide updates, but most probably not, because they can sell new routers with old HW and new FW - just put a WPA3 sticker on it.


#15

WPA3 is now supported in hostapd and wpa-supplicant, and I have enabled it in the latest Git snapshot I uploaded to Debian.


#16

Hi andrewsh,

Could you please tell me how you enabled WPA3? Did you get the source code for integrating WPA3 security into your existing code?
I want to integrate WPA3 into my Linux source; does that sound possible?

Thanks,
Chitra


#17

You need the latest Git snapshot, and you need to enable OWE, DPP and SAE. It doesn’t say WPA3 anywhere though yet.


#18

Please don’t mind.
As I am new to this field, could you please explain briefly how I enable OWE, DPP and SAE and how I get a Git snapshot?

Or do we need to implement the algorithm to ensure OWE, DPP and SAE?

Thanks a lot in advance.


#19

You need to build hostapd/wpa-supplicant from the source the upstream provides in their Git repository. You also need to enable those three things in defconfig files for both hostapd and wpa-supplicant; two of the settings are not in the configs at the moment, so you may need to add them.
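
The defconfig change described in #19, as an added example that is not part of the original posts or of the hostap project's own scripts: it turns on `CONFIG_SAE`, `CONFIG_OWE` and `CONFIG_DPP` in a hostapd or wpa_supplicant build `.config`, uncommenting or appending each option as needed. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: enable SAE, OWE and DPP in a hostapd or wpa_supplicant
# build configuration (the .config file copied from defconfig).
WPA3_OPTS="CONFIG_SAE CONFIG_OWE CONFIG_DPP"

# enable_wpa3_opts FILE: keep "OPT=y" lines, uncomment "#OPT=y" lines,
# and append options the file does not mention at all.
enable_wpa3_opts() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    for opt in $WPA3_OPTS; do
        if grep -Eq "^${opt}=y[[:space:]]*$" "$f"; then
            continue
        elif grep -Eq "^[[:space:]]*#[[:space:]]*${opt}=" "$f"; then
            sed -E "s/^[[:space:]]*#[[:space:]]*${opt}=.*/${opt}=y/" "$f" \
                > "$f.tmp" && mv "$f.tmp" "$f"
        else
            # make sure the last line is terminated before appending
            [ -z "$(tail -c1 "$f")" ] || echo >> "$f"
            printf '%s=y\n' "$opt" >> "$f"
        fi
    done
}

# missing_wpa3_opts FILE: print each option that is still not enabled.
missing_wpa3_opts() {
    for opt in $WPA3_OPTS; do
        grep -Eq "^${opt}=y[[:space:]]*$" "$1" || printf '%s\n' "$opt"
    done
}

# write_sample_config FILE: constructed sample, not the real defconfig.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_DRIVER_NL80211=y
#CONFIG_SAE=y
CONFIG_IEEE80211W=y
EOF
}

# Demo on a temporary copy of the constructed sample.
demo=$(mktemp)
write_sample_config "$demo"
enable_wpa3_opts "$demo"
cat "$demo"
rm -f "$demo"
```

These build options only compile the features in; after rebuilding both daemons, SAE, OWE or DPP still has to be selected in the runtime configuration of the access point and the client.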


#20

How do I add the two config settings to the defconfig file?
Could you please give a sample example for those configs?