There have been a number of flaws with WPA2, last year, for example, the KRACK vulnerability that was patched on many devices. Ergo, it is time to update to something newer and better. ... Wi-Fi Alliance announces WPA3 encryption protocol
Nice. Will it possible to implement WPA3 with software upgrade, or new hardware will be required? (Ex: getting a new smartphone, wi-fi router, etc...)
Software should be possible, however the question still remains how many are going to do that, and how many will try to sell you new hardware instead.
Seems kinda strange, isn't WPA2 supposed to use AES ? I don't believe AES was ever broken or that anyone even came close to it. Or is it simply a problem of implementation ?
Sounds a lot like Intel, doesn't it? Another problem is: How many customers are going to upgrade their router (I assume you spoke of vendors before, right?) if a firmware update is available? Grandma won't upgrade her router by herself for sure, but is still online surfing the web for cat pics.
WPA2 isn't inherently insecure, so thats fine. Many devices also auto-update these days - if an update is available.
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected - from researchers that found KRACK
I partially agree. WPA2 isn't as insecure as advertised by the media, but the possibility to crack WPA2 passwords in a reasonable amount of time is there. Source: https://www.krackattacks.com/ For example a --software name removed-- attack with help of EC2 gives you a 10-char password in a couple of seconds. I won't post links for that, but google and you will find enough links to provide proof for my statement.
meh time for new routers to be sold with those new cpu you need to fix a flaw that patching with sw will reduce performance in?
Oh I see, thanks. They specifically attack the handshake when connecting to the network and exchanging the keys. So this really needs just a SW fix. But the entire new protocol will take a long time to create and approve, let alone enforce someone to use it.