d33tah / call-for-wpa3

Call for WPA3 - what's wrong with WPA2 security and how to fix it

Preventing password bruteforcing #6

Open mbevand opened 7 years ago

mbevand commented 7 years ago

State-of-the-art password authentication uses PAKE, which completely prevents bruteforcing passwords: https://en.wikipedia.org/wiki/Password-authenticated_key_agreement See also https://news.ycombinator.com/item?id=14842145

The suggestions to use scrypt or PBKDF2 (under "The password can be cracked offline") are obsoleted by PAKE.

bayotop commented 6 years ago

Also WPA2 is already using PBKDF2 with 4096 iterations. As a minimum that sentence should be better worded.
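The two comments above turn on how WPA2-Personal actually derives its key: the Pairwise Master Key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256-bit output (IEEE 802.11i). The example below, added here and not code from this issue or from the call-for-wpa3 repository, reproduces that derivation with Python's standard library, enforces the 802.11i passphrase and SSID length limits, and computes the fixed per-guess work factor that an offline guesser pays once it has captured a handshake. The function names are my own; the passphrase/SSID pair "password"/"IEEE" and its expected PMK are the published IEEE 802.11i Annex H test vector.

```python
import hashlib

# WPA2-Personal (IEEE 802.11i) fixes these parameters; they cannot be tuned
# per network the way a server-side KDF cost could be.
WPA2_PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32          # 256-bit PMK
HMAC_SHA1_OUTPUT_BYTES = 20


def check_wpa2_passphrase(passphrase: str) -> None:
    """Enforce the 802.11i constraints on a pre-shared passphrase:
    8 to 63 characters, printable ASCII (0x20..0x7E)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    if not all(0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32)."""
    check_wpa2_passphrase(passphrase)
    ssid_bytes = ssid.encode("utf-8")
    if len(ssid_bytes) > 32:
        raise ValueError("SSID must be at most 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid_bytes,
        WPA2_PBKDF2_ITERATIONS,
        PMK_LENGTH_BYTES,
    )


def hmac_calls_per_guess(iterations: int = WPA2_PBKDF2_ITERATIONS) -> int:
    """Work factor of one candidate passphrase: PBKDF2 produces the 32-byte PMK
    in ceil(32/20) = 2 blocks, each costing `iterations` HMAC-SHA1 evaluations.
    Because the salt (SSID) and iteration count are public and fixed, this is
    the entire cost an offline guesser pays per candidate once a handshake has
    been captured; raising it only slows guessing, which is the point the
    thread makes in favour of PAKE."""
    blocks = -(-PMK_LENGTH_BYTES // HMAC_SHA1_OUTPUT_BYTES)
    return blocks * iterations


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector (known public values, not constructed here).
    pmk = wpa2_pmk("password", "IEEE")
    print("PMK:", pmk.hex())
    print("HMAC-SHA1 calls per candidate passphrase:", hmac_calls_per_guess())
```

Running it prints the Annex H PMK for "password"/"IEEE" and the per-guess cost of 8192 HMAC-SHA1 calls. A PAKE such as the one WPA3 later adopted changes the model rather than the constant: the exchange gives a passive observer no value to test guesses against, so the iteration count stops being the thing that stands between a captured handshake and the passphrase.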

mbevand commented 6 years ago

It seems a PAKE protocol is finally going to be adopted by WPA3!

> Previously [in WPA2], before a handshake could happen on a network, an attacker could do their guessing offline

Source: https://www.darkreading.com/endpoint/wi-fi-alliance-launches-wpa2-enhancements-and-debuts-wpa3/d/d-id/1330762