Skip to main content

Wifi Encryption Standards

Unit: 12 Lesson: 3

lockdown! lockdown! this is a (maybe) drill! lockdown! lockdown!

Wifi networks need to be configured with authentication and encryption settings. Otherwise, any Joe Schmoe can come along and listen to all the traffic happening over the radio waves.

Wifi Protected Access (WPA)

WPA came along to fix the critical vulnerabilities in it's predecessor, Wired Equivalent Privacy (WEP). WPAv1 uses the now deprecated and vulnerable RC4 cipher to encrypt standard. It also used TKIP to cover the old attack vectors that WEP had.

WPAv2 uses the AES cipher with CCMP (no i'm NOT typing the entire thing out, are you serious?), replacing RC4 and TKIP.

WPAv3 came along because weaknesses were found in WPAv2, namely a handshake exploit called KRACK and a Key Reinstallation Attack that leads to traffic interception and session hijacking. WPAv3 features:

  • Simultaneous-Authentication-of-Equals: Replaced the WPA2-PSK method that was vulnerable to key recovery
  • Updated cryptographic protocols: replaced AES-CCMP with AES-GCMP
  • Protected management frames: protect management frames from being spoofed and manipulated
  • Wifi Enhanced Open: protect networks that don't require any authentication from unauthorized packet sniffing

#Netplus

Back to top