call-for-wpa3

Preventing password bruteforcing

Open mbevand opened this issue 7 years ago • 2 comments

State-of-the-art password authentication uses PAKE, which completely prevents bruteforcing passwords: https://en.wikipedia.org/wiki/Password-authenticated_key_agreement

See also https://news.ycombinator.com/item?id=14842145

The suggestions to use scrypt or PBKDF2 (under "The password can be cracked offline") are obsoleted by PAKE.

mbevand avatar Jul 24 '17 21:07 mbevand

Also, WPA2 is already using PBKDF2 with 4096 iterations. As a minimum, that sentence should be better worded.

bayotop avatar Oct 16 '17 08:10 bayotop

It seems a PAKE protocol is finally going to be adopted by WPA3!

"Previously [in WPA2], before a handshake could happen on a network, an attacker could do their guessing offline"

Source: https://www.darkreading.com/endpoint/wi-fi-alliance-launches-wpa2-enhancements-and-debuts-wpa3/d/d-id/1330762

mbevand avatar Jan 10 '18 17:01 mbevand