Better News About WPA3 Device Support

Discussion in 'General Wireless Discussion' started by thiggins, Jun 27, 2018.

  1. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,602
    wpa3_graphic.jpg
    (Image credit: Actiontec)​
    The WPA3 Certification announced yesterday revealed that only one of the four mechanisms described when WPA3 was first announced earlier this year is included in the Certification.

    The mandatory Simultaneous Authentication of Equals (SAE) method replaces WPA2's four-way session key generating "handshake" that was vulnerable to the KRACK attack and offers protection against dictionary attacks in general. Since it occurs only during the AP-STA authentication process, SAE doesn't significantly increase processor load.

    The upshot is that this watered-down definition of WPA3 should be able to be added to devices that currently support WPA2. So rip-and-replacing all your current Wi-Fi gear to get improved security should not be necessary.

    The "will they/won't they" (upgrade existing stuff) question now boils down to how vendors view the priority of supporting existing products vs. pumping out new stuff. So I asked Qualcomm, Linksys and NETGEAR for their official word on plans to support WPA3 on existing Wi-Fi products. The question posed to each was "Could you please comment on your plans to support WPA3 in existing products?".

    Since Qualcomm is at the top (or bottom) of the Wi-Fi food chain, let's start with them.
    This felt a little wiggly, so I asked for confirmation whether WPA3 will eventually be supported "in all Wi-Fi devices in Qualcomm's current catalog and going forward, both AP and STA (client) devices". The response:
    Pretty encouraging, particularly since if Qualcomm doesn't upgrade drivers, ain't nothin' gonna happen downstream.

    Next up, Linksys offered a definite maybe...
    Finally, NETGEAR replied:
    I belatedly reached out to ASUS and will update this post with their response when I receive it.
     
    amplatfus, Mihai, Rooter and 9 others like this.
  3. Killhippie

    Killhippie Senior Member

    Joined:
    Mar 20, 2016
    Messages:
    350
    Location:
    UK
    That's great news, much better than the thought that my newly purchased 2018 OLED TV and my XR500 router may now not be obsolete Wi-Fi wise as I am not buying a new TV in a long long time.
     
    Mihai likes this.
  4. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,602
    Nothing is guaranteed. I wouldn't hold my breath for a WPA3 upgrade for the TV....
     
    Mihai likes this.
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,256
    Location:
    Canada
    Yeah, TV manufacturers are notoriously bad at keeping their software stack up-to-date. Smart TVs are generally a bad idea in the long run, better to spend money on a discrete box instead that will get better software support, and will also be cheaper to replace in a few years than the whole TV.

    If you want something high-end, the nVidia Shield TV is the box to get. I recently replaced my NAS (running Kodi) and my Chromecast with one. Cheaper alternatives like Roku, or even just a plain Chromecast paired with a smartphone are also worth considering, based on your needs.
     
  6. avtella

    avtella Very Senior Member

    Joined:
    Oct 8, 2015
    Messages:
    722
    Location:
    USA
    Agreed, looked at Shield and is probably the best pick at the moment but with free Rokus coming in every other year for betas I’m gonna stick with those for now.
     
    Last edited: Jun 28, 2018
  7. Trebuin

    Trebuin Regular Contributor

    Joined:
    Jun 19, 2013
    Messages:
    199
    Plus, governments spy on you through your smart TV.
     
    Mihai likes this.
  8. Killhippie

    Killhippie Senior Member

    Joined:
    Mar 20, 2016
    Messages:
    350
    Location:
    UK
    It's an Android TV so it may get an update, time will tell...
     
    Mihai likes this.
  9. quadra2030

    quadra2030 New Around Here

    Joined:
    Apr 11, 2018
    Messages:
    8
    The problem is, Smart TV crap is everywhere.. find me an OLED TV without all this sw crap (full of security bugs and slow), but with quality picture scaler (at least on Sony A1 level) and SMB client for playback (with good MKV implementation) and that would be winner for many people!
     
    Mihai likes this.
  10. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,602
    Just don't connect the TV to a network...
    Every TV these days also supports 3D and I don't use that either.
     
    Mihai and charlie2alpha like this.
  11. quadra2030

    quadra2030 New Around Here

    Joined:
    Apr 11, 2018
    Messages:
    8
    That's the way I have my LG OLED TV installed :) connected to Apple TV, had nVidia Shield for testing, too many issues (correct framerate without skipping, bad upscaling quality compared to Sigma hw chipset like Popcorn or Dune network players, Apple TV has issues too, but is definitely closer to them)..
     
    Mihai likes this.
  12. Killhippie

    Killhippie Senior Member

    Joined:
    Mar 20, 2016
    Messages:
    350
    Location:
    UK
    I have the Sony A8 and it's great. As far as having it connected, I don't mind it being hooked up. I turn off all the Google stuff and Samba crapola and love Netflix with HDR and Dolby Vision, Amazon Prime with HDR and Dolby Vision, and BBC iPlayer with (no 3D as that's been phased out) the same, and YouTube, all without an extra box. Also I don't have to think about checking for firmware updates, and apps are updated weekly (YouTube, BBC iPlayer etc.) to fix bugs. Anonymity online is near on impossible now. Even with a decent VPN, script blocking, ad blocking etc. they can still follow you around by what your blocking habits are, it seems now. Your bank card is leaking like a sieve when it's in a shop thanks to its RFID chip (yes, I have a Faraday wallet). You can't win.

    In the end though I block as much as I can but if I wanted to remain anonymous completely I would be living off the grid with electricity from a generator, no TV no Internet, and killing my own food... making my own clothes and living as a hermit. Every piece of tech we have has bugs, the OS you are typing on does, your phone does, I really have not got time to make a tinfoil hat for my home but I take precautions to limit as much as I can while still enjoying the benefits of the tech I have. After all that Apple TV is leaking like a sieve as well @quadra2030, all this stuff does.
     
    Mihai likes this.
  13. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,602
    Folks, please stay on topic, which is WPA3...
     
    Mihai and Killhippie like this.
  14. Killhippie

    Killhippie Senior Member

    Joined:
    Mar 20, 2016
    Messages:
    350
    Location:
    UK
    It will be an interesting time. I think companies will have to try as much as they can to retrofit, where possible, firmware for WPA3, because buying new routers and clients will be a major headache for most and lead to WPA3 not picking up pace for a few years. The changes in WPA3 seem to show that, but how well that will go down in the security community is another thing altogether. I guess it's a case of having to balance all new hardware being needed and consumer buying cycles as well. New phones, computers, tablets etc. and routers seem to be less important to people as they are perceived as not more powerful than what they have already, so people keep hold of them longer, so backporting WPA3 by changing what's in the certification is easier, but has security been compromised?
     
    Last edited: Jul 2, 2018
    Mihai likes this.
  15. Razor512

    Razor512 Senior Member

    Joined:
    Sep 29, 2012
    Messages:
    438
    Agreed, adoption of new hardware can be a major barrier (it did not work out for 802.11ad). If they put profits ahead of security, WPA3 will have a massive uphill battle. They need to examine all commonly owned hardware going back multiple years, and see what can handle it.

    For example, I don't see why a snapdragon 835 or even a snapdragon 820 SOC cannot handle WPA3 as the WiFi back end does not seem to have really changed. It simply seems like a business decision to exclude hardware that could otherwise handle WPA3, especially for a standard that the vast majority of users do not even consider or think about.
     
    Mihai and Killhippie like this.
  16. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,256
    Location:
    Canada
    Governmental bodies need to start applying pressure on manufacturers. WPA3 isn't just a random feature improvement, it's a necessary security fix to a flawed mechanism. This should therefore be considered a matter of security. If the requirements are purely software, then pressure should be applied on manufacturers to fix it.
     
    Mihai and Killhippie like this.
  17. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,478
    Location:
    San Diego, CA
    I agree - please keep in mind that any AP that supports WPA3 will also support WPA2, as WPA2-AES is a requirement in the core 802.11 specs, esp for 802.11n and 802.11ac - as previously mentioned, some vendors may provide updates in the interim, and I think that the first WPA3 clients likely will be mobile phones, just because of product cycle that they're in with major annual updates across the product lines.

    As long as the AP supports WPA3, one can soft-roll into full WPA3 as one does now with equipment upgrades/updates...

    This would apply both to the home/small business, as well as the enterprise where product lifecycle tends to be long, e.g. 36-60 months is not unusual these days before laptops/desktops are decommissioned.

    Going to WPA3 and the enterprise - that might be more of an issue, depending on the state of WLC's and Auth Centers, which may have dependencies if there are new mandatory information elements that need to be supported. Might or might not, IMHO, as I have not been able to get a copy of the formal WPA3 specifications yet...
     
    Mihai likes this.
  18. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,478
    Location:
    San Diego, CA
    I don't see WPA2 (either Personal or Enterprise) as a major security risk, it's still very robust, esp. Enterprise, and WPA2-Personal can be similar with a strong enough passphrase and using WPA2-AES for auth and ciphering...

    Yes, there have been issues in the past - KRACK is a good example, but that wasn't a flaw in WPA2, but a flawed implementation of the chipset drivers in current/legacy equipment.

    One thing I would like to see is for the vendors to fully remove WEP (any flavor) and WPA1-TKIP and WPA2-TKIP, aka WPA2 mixed mode - that mixed mode operation does have flaws that can be exploited via the group key being TKIP and not AES.

    There's no real need for it any more, and this would simplify device driver development...
     
    Mihai likes this.
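An added example, not part of any post in this thread: a small audit of the RSN element an AP advertises in its beacons, flagging the TKIP group key that mixed mode leaves in place and telling a WPA3 (SAE) network from a WPA2/WPA3 transition one. The suite numbers are the IEEE 802.11 selectors under OUI 00-0F-AC; the function names and both sample elements are constructed for illustration.

```python
import struct

OUI = bytes.fromhex("000fac")  # IEEE 802.11 suite-selector OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}
LEGACY = {"TKIP", "WEP-40", "WEP-104"}

def _suites(body, off, names, counted=True):
    """Decode a suite list at `off`; a counted list starts with a LE uint16."""
    count = 1
    if counted:
        if off + 2 > len(body):
            raise ValueError("truncated RSN element")
        count, off = struct.unpack_from("<H", body, off)[0], off + 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    out = []
    for sel in (body[off + 4 * i: off + 4 * i + 4] for i in range(count)):
        known = sel[:3] == OUI and sel[3] in names
        out.append(names[sel[3]] if known else "unknown:" + sel.hex())
    return out, off + 4 * count

def parse_rsn(ie):
    """Parse an RSN element (ID 48): group cipher, pairwise ciphers, AKMs."""
    if len(ie) < 4 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    group, off = _suites(body, 2, CIPHERS, counted=False)
    pairwise, off = _suites(body, off, CIPHERS)
    akms, off = _suites(body, off, AKMS)
    return {"group": group[0], "pairwise": pairwise, "akms": akms}

def audit(ie):
    """Return (mode, findings) for one advertised RSN element."""
    rsn = parse_rsn(ie)
    akms = set(rsn["akms"])
    mode = ("WPA3 transition (SAE+PSK)" if {"SAE", "PSK"} <= akms else
            "WPA3-Personal (SAE)" if "SAE" in akms else
            "WPA2-Personal (PSK)" if "PSK" in akms else "other")
    findings = ["group cipher " + rsn["group"]] if rsn["group"] in LEGACY else []
    findings += ["pairwise cipher " + c for c in rsn["pairwise"] if c in LEGACY]
    return mode, findings

# Constructed sample elements, not captured from real devices.
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")
TRANSITION = bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000")
```

`audit(MIXED)` reports the TKIP group and pairwise ciphers; `audit(TRANSITION)` reports an AP offering both SAE and PSK with CCMP only.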
  19. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,478
    Location:
    San Diego, CA
    One of the key things that I do applaud is the recognition that WPS is very broken, and needs to go away and be replaced with something that is (1) better/more secure, and (2) easier to use for end-users, and (3) makes development more consistent.

    WPS was, and is, overly complicated for the problem it was trying to solve, for both end users (pin or pushbutton) and developers because they needed to cover multiple approaches, which is why critical bugs are still there...

    The working group attempted to resolve the WPS problem with the WPA3 spec, but I can understand that it was out of scope, since WPS is not part of WPA2/WPA1, or the supporting IEEE 802.11 specs...
     
    Mihai likes this.
  20. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,602
  21. umarmung

    umarmung Regular Contributor

    Joined:
    Apr 21, 2018
    Messages:
    191
    Still no news from Broadcom nor Asus?
     
    Mihai likes this.