wpa_supplicant-dbus WPA3-SAE support

Rich:
Hi Paul_123
I'm not up on the ins and outs of WPA2/WPA3, but being backward
compatible doesn't automatically compromise security if all of your
hardware supports WPA3, does it?

I'm also looking at this from the point of an unsuspecting user running an
update of their installed extensions, and suddenly half of their connected
devices no longer respond. They may not want to or be able to replace
those devices. While it might be possible to get software updates for some of
those devices, I suspect stuff like thermostats, doorbell cameras, additional
security cameras, door locks, refrigerators, stoves, and all of the other
silly IoT stuff out there won't have software updates available.

I did do a little reading and the general consensus is WPA2+WPA3 is no better
than running WPA2.

It was also suggested to run the WPA2 stuff on a separate LAN (or VLAN) that's
isolated from the WPA3 LAN.

Paul_123:
The largest WPA2 risk is a deauth followed by a capture of the 4-way handshake, which exposes the encrypted passphrase... then a brute-force password attack of your passphrase. While still highly unlikely for the average user with a strong passphrase, a successful attack would give the person full access.

Isolating WPA2 from your other devices would be a step up in security.

Just the presence of wpa_supplicant 2.11 with SAE enabled will not change anything for the unsuspecting person updating their extensions. WPA3/SAE requires different conf entries.

GNUser:

--- Quote from: Paul_123 on September 12, 2024, 06:28:42 PM ---Just the presence of wpa_supplicant 2.11 with SAE enabled will not change anything for the unsuspecting person updating their extensions. WPA3/SAE requires different conf entries.

--- End quote ---
This is correct. Using WPA3 requires software that supports it on both ends (i.e., hostapd and wpa_supplicant compiled with SAE support), hardware that supports it on both ends, and configuration (of AP and client) that turns it on.

Missing SAE breaks things for folks that are trying to use WPA3. Adding SAE support does not break things for anyone.
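
Added example, not part of the thread or of the Tiny Core extension: a small Python audit that reports which `network={}` blocks in a wpa_supplicant.conf ask for WPA2-PSK, WPA3-SAE or both, so you can see that a block without `key_mgmt=SAE` stays WPA2 after an SAE-capable build is installed. The sample config is constructed, the mode labels are simplified, and the script assumes there is no global `pmf=` line.

```python
# Constructed sample config; SSIDs and passphrases are placeholders.
SAMPLE_CONF = """
network={
    ssid="legacy-iot"
    psk="constructed-passphrase-1"
}
network={
    ssid="home-wpa3"
    key_mgmt=SAE
    sae_password="constructed-passphrase-2"
    ieee80211w=2
}
network={
    ssid="home-mixed"
    key_mgmt=SAE WPA-PSK
    psk="constructed-passphrase-3"
    ieee80211w=1
}
"""

def parse_networks(conf_text):
    """Return one {key: value} dict per network={ ... } block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def classify(net):
    """Map a block to (ssid, mode, pmf); pmf is the ieee80211w value."""
    # With no key_mgmt line, wpa_supplicant's default set includes WPA-PSK.
    akms = set(net.get("key_mgmt", "WPA-PSK").split())
    if "SAE" in akms:
        mode = "WPA2/WPA3 transition" if "WPA-PSK" in akms else "WPA3-SAE"
    else:
        mode = "WPA2-PSK" if "WPA-PSK" in akms else "other"
    # Assumption: no global pmf= line, so a missing ieee80211w means 0 (off).
    return net.get("ssid", "?"), mode, int(net.get("ieee80211w", "0"))

def audit(conf_text):
    return [classify(n) for n in parse_networks(conf_text)]
```

Calling `audit()` on the text of your own config file lists each SSID with its mode and `ieee80211w` value.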

GNUser:

--- Quote from: Rich on September 12, 2024, 05:10:30 PM ---It was also suggested to run the WPA2 stuff on a separate LAN (or VLAN) that's
isolated from the WPA3 LAN.

--- End quote ---
This is a really good idea.
