by dikkechill 2848 days ago
If you're using something like OpenWRT, you most likely don't need to buy new hardware.

The WPA3 functionality is already added to hostapd and wpa_supplicant [1]. Look for the terms SAE (Simultaneous Authentication of Equals), DPP (Device Provisioning Protocol) and OWE (Opportunistic Wireless Encryption).

The current experimental wpa_supplicant Debian package has this enabled [2]. I think the main challenge is upgrading clients, especially when vendors no longer provide updates.

[1] https://w1.fi/cgit/hostap/log/?qt=grep&q=SAE

[2] https://packages.qa.debian.org/w/wpa/news/20180722T152029Z.h...
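As an added illustration of what the SAE and OWE support referred to above looks like in practice (this is not configuration from the post or from the hostapd project's own documentation), here is a hostapd.conf that runs one SSID in WPA2/WPA3 transition mode and a second BSS as an OWE "Enhanced Open" network. Interface names, SSIDs, channel and passphrases are placeholders; the commented-out lines show the SAE-only settings to switch to once every client has been upgraded.

```ini
# Added example hostapd.conf, not from the thread. Names and secrets are placeholders.
interface=wlan0
driver=nl80211
hw_mode=a
channel=36

# BSS 1: one SSID in WPA3 transition mode.
ssid=example-net
wpa=2
rsn_pairwise=CCMP
# Both AKMs on the same SSID: old clients still do WPA2-PSK,
# SAE-capable clients get the WPA3 handshake (and the same passphrase).
wpa_key_mgmt=WPA-PSK SAE
wpa_passphrase=correct horse battery staple
# Management frame protection is optional for the WPA2 clients (ieee80211w=1)
# but mandatory for anyone who negotiates SAE (sae_require_mfp=1).
ieee80211w=1
sae_require_mfp=1

# Endgame once every client speaks SAE: drop WPA-PSK and require MFP.
# Without a PSK-based 4-way handshake there is nothing to capture and
# run an offline dictionary attack against.
#wpa_key_mgmt=SAE
#sae_password=correct horse battery staple
#ieee80211w=2

# BSS 2: OWE for what used to be an open SSID. Traffic is encrypted per
# client, but nobody is authenticated, so treat it like an open network.
bss=wlan0-owe
ssid=example-open
wpa=2
wpa_key_mgmt=OWE
rsn_pairwise=CCMP
ieee80211w=2
```

Two caveats a practitioner should keep in mind: transition mode keeps the WPA2-PSK handshake reachable, so an attacker who captures a legacy client's 4-way handshake can still brute-force the passphrase offline, and a rogue AP advertising only WPA2 can steer a client that does not pin the AKM back to it; SAE-only closes both. The OWE and SAE key management require a hostapd build with those options enabled (on OpenWrt, the full wpad variant rather than the mini one).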


Did you say the same thing when WPA2 came out? And WPA? Or, are you still on WEP?

Nobody is claiming you'll be on WPA3 tomorrow, just that it's here, and that you'll eventually migrate to it unless you never buy anything new again...

When WPA2 came out, most cellphones didn't even support wifi, and smartphones were still years off. I had exactly one device at the time that needed wifi and I'm a "nerd".

In 2018, off the top of my head I can get to 30 devices connected on WiFi at my house. VERY much a different discussion than 2004.

Cellphones have a typical 2-4 year life, so these will disappear pretty quickly. I expect many of those 30 items to have a relatively short lifespan - maybe 5-10 years at best.

We're adding more and more connected devices:

Phones, tablets, desktops, laptops all typically have a short life..

Smart home devices with WiFi, well, those claim an incredible life - but I really pity anyone putting today's consumer "IoT" devices in. Those things are often out of support before you even buy them. I doubt they are lasting 10 years, and even if they do, I doubt they'll still be safe to leave in place.

TVs and TV set top boxes - this one really bugs me. I want a good quality dumb panel, because the smarts are out of date well within two years, and the TV itself should be good for way longer. TV boxes, they go out of date too - but they're cheap, so get replaced way more often.

Long story short - I think the devices we're buying today are not designed to stand the test of time. They will IMO die out or be removed from your home much faster than we all hope.

Edit addition: also, forgot to mention - I had lots of stuff that was WEP only. Much of it well after WPA2 came out. They're all long gone, I expect the same will happen to the vast majority of people.

> relatively short lifespan - maybe 5-10 years at best

If you had to keep the door to your house unlocked for 5-10 years would you still consider it relatively short? How about if you couldn't patch your OS for the same length of time?

Being stuck with such vulnerabilities for years is only short if nothing that tech touches is of much value to you.

>forgot to mention - I had lots of stuff that was WEP only.

Such as? You had to go out of your way to find devices that both had wifi and were only WEP capable in the early 2000s.

Nintendo DS is the first example that comes to my mind.

Yup, this.

Same song and dance as USB 1.1, USB 3, USB C, Lightning Cables (relative to iPod dock connectors), and all of our evolving standards. It sucks for a year or two and we move on.

For the purposes of WPA transitions, I’m willing to bet slick dual band routers will support WPA2/3 split between each channel.

Which means you really don't have the additional security of WPA3.

Very true. I don’t think we have a better option though. Like a lot of standards updates you have to cycle from old to new. Cutting support for old SSL ciphers/versions/certificate key requirements without a notice and replacement implementation period would be painful and disastrous.

I turn off whatever insecure protocols exist on my router and will do the same once everything I care about can do WPA3. Getting the population at large to do the same is difficult. I’ll evangelize the benefits of switching, but the best way to lose support is to break use cases by pushing people onto something that prevents their positive device experiences.

> If you're using something like OpenWRT, you most likely don't need to buy new hardware.

Awesome! Point me in the direction of the firmware upgrade portal for my 15-year-old wifi printers, computers, and game machines from companies that no longer exist.

I agree, you have a good point with respect to a large amount of older hardware and I do not have a solution for that problem. What I can say is that I try to buy hardware which has support for open source software and has a community around it. So far this helped me to extend the life of these devices, as it does not depend on the vendor alone.

I'm not really sure how to interpret your 'Awesome!'. If it was meant snarky and if you're willing to, please have a look at the HN guidelines for comments [1]. We can then improve the quality of the discussion.

[1] https://news.ycombinator.com/newsguidelines.html

> I'm not really sure how to interpret your 'Awesome!'. If it was meant snarky and if you're willing to, please have a look at the HN guidelines for comments [1]. We can then improve the quality of the discussion.

You're right. I'm sorry about that. Sometimes I forget which web site I'm posting on.

Thank you, I appreciate that!

Actually, thinking a bit longer about the problem, the issue in my mind is that vendors/producers do not have an incentive to update software if you only pay for the hardware once. For them it's just a cost. It's more interesting to sell more hardware. My strategy as consumer is to go to open source for such devices. But perhaps there are better strategies.

I'm aware of Cisco having a model to pay for software updates, but this is mainly for business clients. Does anyone know other vendors that have business models, that create incentives for updating devices? Perhaps even for consumers?

I remember that in the past MacOS updates had to be purchased, but this no longer seems to be the case. Is there actually a consumer market for such business models, where hardware and (paid) software are tied together for a longer life cycle?

Is that snark or is it just somewhat obvious sarcasm? Occasional usage of sarcasm, hyperbole, facetiousness, does not diminish the quality of a discussion.

Fine, then don’t upgrade. I don’t know why you’re making a big deal out of something you’re not going to do anyway. As long as you are aware of the risks of using old and less-secure hardware and protocols, and you’re fine with that, you shouldn’t care what new thingy comes out. Just be careful you don’t turn into “I don’t even OWN a TV!” guy.

You can't stop caring about security just because you can't upgrade everything. You could instead just keep a secure and insecure network if you're concerned about backwards compatibility and still want security.
>Awesome! Point me in the direction of the firmware upgrade portal for my 15-year-old wifi printers, computers, and game machines from companies that no longer exist.

Well, some people with OS/2, Atari STs, and VAX mainframes are not gonna get extended WiFi security either.

Those that have newer stuff and can afford to switch to new printers and everything after 10 or 15 years, can use it though, and those would still be tons of users (and more going forward). We moved from old wifi standards anyway (or you don't use WPA2 either?).

For most people it's just their laptops and phones (which they change every few years), printer (which is easily replaceable since the ink replacements they have to do regularly cost more than the main unit (or close) anyway), and maybe some TV or media player unit.

The idea of keeping an increasingly insecure radio open for legacy hardware makes me itch. I'd sooner cat5 or usb these devices into the network than risk the rest of it.

If it doesn't make you worry, there's nothing to do here. WPA3 gives you nothing.

One of my pet peeves: non-portable devices that have WiFi but no Ethernet port. For example the Logitech Harmony Hub, Amazon Echo and Apple HomePod.

Definitely.

I guess if WPA2 get blown apart (to the degree WEP was) there might be a market for super-low-power APs that you put on or right next to the device. Not sure that'd be enough without additional shielding.

Most WPA2 devices do support 802.1x which —depending on the crack— may help extend the lifetime.

Regarding printer, I found my printer supports USB, ethernet, and WLAN (I'm using ethernet). YMMV.

Most modem/routers these days seem to support a 'guest' network. I'm sure you could set it up so the guest network runs WEP or whatever and your main network runs WPA3, and that way at least it's more secure for some of your devices.

So, we aren't going to be hindered by chipset (not firmware, but hardware) dependencies?
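The "secure network plus insecure network" arrangement suggested in the two comments above can be expressed directly in hostapd: one radio, two BSSes, with the legacy devices on their own SSID and their own bridge so the router's firewall can wall them off from the main LAN. This is an added example, not configuration from the thread; interface, bridge and SSID names and the passphrases are placeholders, and the firewall rules between the two bridges are assumed to live outside hostapd.

```ini
# Added example hostapd.conf, not from the thread. Names and secrets are placeholders.
interface=wlan0
driver=nl80211
hw_mode=g
channel=6

# Main SSID: SAE only, management frame protection required.
# Everything that can do WPA3 connects here and lands on br-lan.
ssid=home
bridge=br-lan
wpa=2
wpa_key_mgmt=SAE
sae_password=main-network-passphrase-placeholder
rsn_pairwise=CCMP
ieee80211w=2

# Legacy SSID for devices that will never get a WPA3 firmware: WPA2-PSK
# with a different passphrase, on its own bridge (br-legacy) so a
# recovered legacy passphrase or a compromised printer does not reach
# br-lan. ap_isolate=1 keeps the legacy clients from talking to each
# other through the AP as well.
bss=wlan0-legacy
ssid=home-legacy
bridge=br-legacy
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=legacy-network-passphrase-placeholder
rsn_pairwise=CCMP
ieee80211w=0
ap_isolate=1
```

Note that hostapd will not give you a WEP guest network; the usable floor for the legacy BSS is WPA2-PSK with CCMP, and a device that genuinely needs WEP or TKIP is better cabled in, as an earlier comment suggests. Using a distinct passphrase on the legacy SSID matters: if the two SSIDs shared one passphrase, an offline crack of a captured WPA2 handshake on the legacy side would also unlock the SAE network.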

Then, for certain networked things, such as printers, maybe we can hang a Pi-like device off of one of their physical interfaces and have a WPA3 connection, if we so desire and are willing to go through the contortions?