search

d33tah / call-for-wpa3

Call for WPA3 - what's wrong with WPA2 security and how to fix it
240 stars 27 forks source link

Added some improvements to the proposal #2

Closed i-rme closed 8 years ago

i-rme commented 8 years ago

I really like this proposal, the Wi-fi Alliance should develop WPA3 as soon as possible.

WPA3 should use the same crypto that powers TLS (https), modern and trusted cryptography that allows privacy and secrecy under MitM attacks.

Scrypt and PBKDF2 are good key derivation functions (I believe that PBKDF2 is already being used in WPA2 but with very low cpu cost) that should be used to avoid cheap password cracking.

WPS (Wi-Fi Protected Setup) should be redesigned if not fully removed from Wifi devices. Nowadays its easy to crack WPS and get access to a network without touching WPA2.

d33tah commented 8 years ago

@i-rme: sorry for such a long delay, merged.