Score:2

Is PAKE more secure than WPA2?

jp flag

As I understand it, in WPA2, the shared key (for encryption) is derived from the password, plus nonces and identities used in the initial 4-way exchange. An attacker who was able to sniff the initial exchange could perform an offline dictionary attack on the AP password.

I've also learned about PAKE protocols that also derive cryptographic keys from a shared, low-entropy password, but are resistant to offline dictionary attacks.

So what is the difference between how WPA2 and PAKE derive their shared session keys, and if PAKE is resistant against offline dictionary attacks, why don't WIFI security protocols use PAKE?

poncho avatar
my flag
Actually, WPA3 uses Dragonfly, which attempts to be a PAKE (albeit one with side channels if not implemented carefully)
Score:4
my flag

An attacker who was able to sniff the initial exchange could perform an offline dictionary attack on the AP password.

That is indeed correct for WPA2

why don't WIFI security protocols use PAKE?

I wasn't involved with the design; I assume that WPA2 and earlier do not use a PAKE because it was considered too expensive (either in terms of bandwidth or computational cost).

Now, with WPA3, that added Dragonfly, which does attempt to be a symmetric PAKE (symmetric means both sides need to hold the password).

Now, Dragonfly is not perfect; if you implement it using elliptic curves in the obvious way (e.g. copy the algorithm from the RFC), it allows a timing attack, that is, the attacker can deduce some information about the password based on how long the algorithm takes.

While you can write an implementation that doesn't have this (which takes much longer), you can't be sure that the other side is similarly protected. I believe this is one case where you really do want to use a MODP group instead (which doesn't have this sort of foot cannon)

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.