Preventing password bruteforcing

[mbevand]

State-of-the-art password authentication uses PAKE, which completely prevents bruteforcing passwords: https://en.wikipedia.org/wiki/Password-authenticated_key_agreement See also https://news.ycombinator.com/item?id=14842145

The suggestions to use scrypt or PBKDF2 (under The password can be cracked offline) are obsoleted by PAKE.

[bayotop]

Also WPA2 is already using PBKDF2 with 4096 iterations. As a minimum that sentence should be better worded.

[mbevand]

It seems a PAKE protocol is finally going to be adopted by WPA3!

Previously [in WPA2], before a handshake could happen on a network, an attacker could do their guessing offline

Source: https://www.darkreading.com/endpoint/wi-fi-alliance-launches-wpa2-enhancements-and-debuts-wpa3/d/d-id/1330762