Search
WPA3 Security Enhancements
Posted by Hemant Chaskar on Apr 12, 2018
WPA3 Security Image

The current standard for security over WiFi links is WPA2. WiFi Alliance recently announced plans to introduce WPA3 for improvements to WiFi security. While no technical details on WPA3 have been announced, there are clues in the announcement and in the technical literature, to what WPA3 may contain. This blog reviews security protocols, namely OWE and Dragonfly, that are believed to be introduced in WPA3.

Recent Posts

Posts by Topic

see all
free-on-demand-webinars.png
About One CVE at the Tail End of KRACK: 13088
Posted by Hemant Chaskar on Oct 27, 2017

In my last video blog on KRACK attack, I explained the technical details of workings and countermeasures for 9 out of 10 CVEs. The one I did not discuss in detail was CVE-2017-13088. At the time there wasn't enough information available on it and though it looked like the twin of CVE-2017-13087, due to differences between how group keys are distributed in MFP mode versus non-MFP mode, it required separate consideration.  After receiving more details from the researcher (@vanhoefm), I am prepared to share  information about CVE-2017-13088 and the appropriate countermeasures.

WPA2 Vulnerability.png
WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained
Posted by Hemant Chaskar on Oct 16, 2017

Researchers from the University of Leuven (@vanhoefm and team) have discovered flaws in WPA2 implementation in clients and APs. These flaws create vulnerabilities for replay and decryption attacks on packets transferred over WiFi links. They have named them KRACKs (Key Reinstallation AttaCKs). Both 802.1x (EAP) and PSK (password) based networks are affected. These vulnerabilities have been cataloged under 10 CVEs. In the series of videos below, I explain these CVEs in detail with Vivek Ramachandran, Founder and CEO of Pentester Academy.