WPA3 Wifi Questions

mlanguishi

kiwifarms.net
I'm having a hard time telling, so let me just ask here. Is WPA3 absolutely better than 2? It seems that the main difference is forward secrecy in 3 that 2 doesn't have, and 2 is more prone to dictionary/low quality password attacks.

My main questions for the real experts:

Does having a single WPA2 device on the Wifi network render the whole WPA3 advantage down, because that device can fall for the key capture attack? I think so. The WPA3/2 backwards compatibility confuses me.

I'm having to deal with Eero routers on their products having beta level WPA3 wonkiness, shouldn't that be fully solved by now?

I searched 'WPA3' and there's amazingly little on KF and even in general about it.
 
Does having a single WPA2 device on the Wifi network render the whole WPA3 advantage down, because that device can fall for the key capture attack? I think so. The WPA3/2 backwards compatibility confuses me.
I think so, depending on how the network works. If you can totally segregate out WPA2 and WPA3 it would be an improvement, but you have to harden all your switches to make sure all IPv6 RAs and DHCP server locations can only be in the "secure" section.
 
I think so, depending on how the network works. If you can totally segregate out WPA2 and WPA3 it would be an improvement, but you have to harden all your switches to make sure all IPv6 RAs and DHCP server locations can only be in the "secure" section.
That's the thing, most WPA 2/3 devices seem to do WPA2/3 based on connection viability and maybe signal strength. Like all 6 GHz Wifi 6E's are WPA3, but if they drop to 5 GHz, it might go to WPA2. It is a mess now with the mix. It makes sense that pure WPA3, from network creation to end, without 2, would be more 'solid'. I think there's a possibility that 2's can come in and out and just be 'less risky' during that join/depart time for weak passwords.

Sadly, this seems to be almost impossible to really get a good answer on. Most Wifi 6/7 routers seem to have WPA3/WPA2 as an option, so you can't segregate them on a consumer level.
 
Does having a single WPA2 device on the Wifi network render the whole WPA3 advantage down, because that device can fall for the key capture attack? I think so.
Here's a good article on this:
My understanding of this is that WPA2 devices on a network in WPA3 transitional mode won't 'poison' forward security for WPA3 enabled devices on the same network communicating with each other. But you might be fucked vs. a vs. everything else. Wires exist for a reason.
 
Don't use a password that is easy to bruteforce or is part of a password list. You're welcome.
 
Here's a good article on this:
My understanding of this is that WPA2 devices on a network in WPA3 transitional mode won't 'poison' forward security for WPA3 enabled devices on the same network communicating with each other. But you might be fucked vs. a vs. everything else. Wires exist for a reason.
I used randomized 40+ keepassed stored wifi pass, but.. Forward secrecy is nice though. But, if your system has a WPA2 connection and there's a bad actor listening at that time, does that 'poison' that part? I figure this is academic and all. To me WPA3 vs 2 is a bit like SHA3 vs SHA256, just the extremes. But why not in the end max it out if it's just a setup thing that's all your devices and just a setting option?

I've also seen that WPA2 is susceptible to false SSIDs, that might crunch the key out, and that would affect and poison the whole wifi network.

ETA it sounds like that old 2019 article, which I kinda knew about, is saying that the downgrading that WPA3 can do is a mess. It seems it might be best if you can say a network is WPA3 connection only, which I don't think any commercial routers can do. I'm trying to go WPA3 only, not so much as a fear, but just to see if I can do it and be better overall than WPA2.

ETA again, and not to mention that almost all routers now want that WIFI password uploaded, or try. And do they even if you say no on that switch not to? It's always the workarounds that work more than the direct attacks imo.
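The thread keeps returning to whether a network is really "WPA3 only" or a WPA2/WPA3 mix. The following is an added example, not code from any poster: it reads the RSN element body that your own access point advertises in its beacons (the bytes after the element ID and length, as shown in a packet capture) and reports whether the PSK and SAE key-management suites are both on offer, and whether protected management frames are required. The sample byte strings are constructed for illustration.

```python
import struct

# AKM suite types under the IEEE 802.11 OUI 00-0F-AC
AKM_NAMES = {2: "PSK", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
WPA2_AKMS = {"PSK", "PSK-SHA256"}
WPA3_AKMS = {"SAE", "FT-SAE"}

def parse_rsn(body: bytes):
    """Return (akm_names, mfp_required, mfp_capable) from an RSN element body."""
    try:
        off = 2 + 4                                    # version + group cipher suite
        (n_pairwise,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * n_pairwise                      # skip the pairwise cipher list
        (n_akm,) = struct.unpack_from("<H", body, off)
        off += 2
        akms = set()
        for _ in range(n_akm):
            oui, kind = struct.unpack_from("<3sB", body, off)
            known = oui == b"\x00\x0f\xac"
            akms.add(AKM_NAMES.get(kind, f"type-{kind}") if known else "vendor")
            off += 4
        (caps,) = struct.unpack_from("<H", body, off)  # RSN capabilities field
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    return akms, bool(caps & 0x0040), bool(caps & 0x0080)  # bit 6 MFPR, bit 7 MFPC

def classify(body: bytes) -> str:
    akms, mfp_required, _ = parse_rsn(body)
    wpa2, wpa3 = akms & WPA2_AKMS, akms & WPA3_AKMS
    if wpa2 and wpa3:
        return "transition"        # PSK handshakes are still offered alongside SAE
    if wpa3:
        return "wpa3-only" if mfp_required else "sae-without-required-pmf"
    if wpa2:
        return "wpa2-only"
    return "other"

# Constructed samples: version 1, CCMP group cipher, one CCMP pairwise cipher
COMMON = "0100" + "000fac04" + "0100" + "000fac04"
SAMPLES = {
    "mixed": bytes.fromhex(COMMON + "0200" + "000fac02" + "000fac08" + "8000"),
    "sae": bytes.fromhex(COMMON + "0100" + "000fac08" + "c000"),
    "psk": bytes.fromhex(COMMON + "0100" + "000fac02" + "0000"),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", classify(body), parse_rsn(body))
```

A result of "transition" means the access point still accepts WPA2-PSK handshakes on that SSID, so passphrase strength continues to matter for any client that joins that way.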
Oh and I just got this from a router security expert. It's still a bit wishy washy, but this whole topic seems to be.

Regarding your inquiry about WPA2 connections impacting WPA3 security, it's worth noting that while a mixed WPA3/WPA2 environment may introduce some complexities, it doesn't necessarily compromise the overall security level provided by WPA3. However, having full WPA3 support across all devices offers optimal security benefits.
 