Dragonblood - WPA3's Insecurities Exposed
Last Post: April 12, 2019:
-
Mathy Vanhoef, originator of the KRACK attack against WPA2, has co-published the first paper describing the vulnerabilities in WPA3.
This new attack is called Dragonblood, in reference to the Dragonfly algorithm used in WPA-3's SAE (Simultaneous Authentication of Equals) handshake mechanism.
https://papers.mathyvanhoef.com/dragonblood.pdf
As I expected they would, big issues have arisen for WPA3 transitional networks. In these, both WPA2 and WPA3 are allowed simultaneously through the same BSSID. Interestingly, the problems created are more complicated than those simply caused by "either/or" encryption - a flawed predicament already understood by the WFA and many others.
The simplistic solution to this latest weakness is to just not allow transitional WPA2/WPA3 networks. If you are that concerened, use WPA3 only. (yes, I realize the difficulties with that approach)
One of the problems alluded to by Mathy is the WFA's obfuscation in their testing-before-release-process, and their lack of dedicated, in-house, cryptology experts. Mathy's solution is to have the "experts" at the IEEE handle the pre-release evaluations. I feel this is a little simplistic and does not address everyone's issues. I would point out that both the WFA and the IEEE have had difficulties in this area. In my opinion, the IEEE's creation on WEP is the bigger embarrassment - for which they have taken steps to not repeat.
The WFA knew months before public release. of its solution, about the weaknesses presented by KRACK. There were several bureaucratic and legal challenges before it could even be discussed among its members. The whole episode was very frustrating to those of us involved in multiple sides of the situation.
Everyone should expect that more problems with WPA3 will be discovered in the future. That's just the way these things work.
More insight into the paper is provided here:
- 1