It’s now quite a few years since WPA2 was released and products started getting certified. 14 years, to be more precise. During these years WPA2 has been subject to a number of vulnerabilities, the most critical of which is the “KRACK” vulnerability discovered in 2016.
To conclude, since WPA2 is quite old and vulnerable to exploits, WPA3 is long awaited. It provides some additional protections that will make it much more difficult for hackers to break into the Wi-Fi:
- Protection against offline password-guessing attacks. With WPA/WPA2 a hacker can capture encrypted data from your system and then use dictionaries to guess the password over and over again until there’s a match. With WPA3 this won’t be possible, since the hacker has to interact with the Wi-Fi device for every single guess. Offline dumps will become useless.
- Forward secrecy. Offline dumps won’t yield readable data in a later attack. That is, traffic recorded today cannot be decrypted later on, for example after the password has leaked.
Basically, what this means is that even if a personal user sets a (not too) lazy password on his or her Wi-Fi network, it’s much harder to guess the password by using saved traffic dumps.
In Enterprise applications (WPA-802.1x), WPA3 features the ability to use full 192-bit encryption if necessary.
One of the most important changes, though, is the fact that the Wi-Fi Alliance is now relying more on known, tested and vetted protocols and encryption standards. Just a few years ago the Wi-Fi Alliance had a tendency to create its own protocols in secrecy and not disclose anything about them. It makes much more sense to use known techniques instead.