Re: IEEE 802.11 WPA3 decryption support

[Mikael Kanstrup <mikael.kanstrup () sony com>]

On 25/03/2019 22:41, Guy Harris wrote:
> On Mar 25, 2019, at 2:32 AM, Kanstrup, Mikael <Mikael.Kanstrup () sony com> wrote:
>
> > I started working on WPA3 decryption support. Some parts of it has already been merged.
> So does this mean we'll prove Michael Berg of Tamosoft wrong?
>
>         https://twitter.com/TamoSoft/status/1049975990695399424
>
> "WPA3 will make it impossible to perform on-the-fly or post-capture decryption of WiFi packets by tools like CommView for 
> WiFi. Good security, but still upsetting from the packet analysis standpoint..."
No. That is still valid. I'm not trying to magically decrypt traffic 
without knowledge about the decryption keys. For WPA2 PSK the PSK == PMK 
is same for all connections towards a certain network making it possible 
to decrypt all traffic as long as you've recorded the 4-way handshake 
messages.

For WPA3 PMK is unique for each association and the passphrase -> PMK 
generation is strong. This gives:

- With password alone you cannot decrypt any traffic
- With password + 4-way handshake you cannot decrypt any traffic
- If you somehow can get hold of PMK you can only decrypt that specific 
connection. No other(s).

WPA3 decryption with Wireshark will only decrypt traffic where you know 
the PMK. This is similar to what is supported for WPA2 enterprise 
already today.

> > The dot11crypt engine duplicate quite a lot IEEE 802.11 dissector functionality
> Yes, and it shouldn't.

Agree. Thanks for feedback!

/Mikael

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe