With the introduction of WIFI6, we now have the new WPA standard in WPA3. In an earlier article, I talk about WIFI6, and it’s the introduction of WPA3. As we are used to with the previous versions of WPA, WPA3 comes in two “flavors. We have WPA personal and WPA enterprise.
WPA personal is what most of us are familiar with in home environments. The most significant change isthe Simultaneous Authentication of Equals (SAE), which replaces Pre-shared Key (PSK). A preshared key or passphrase is what we are used to typing in when we associate to a new, secured network. Typically you type an 8 character or longer password you have to ask your friend for when you visit their house.
So what does SAE do exactly? At the core, SAE is a peer-to-peer handshake. If you are the kind who likes to read RFCs, then RFC 7664 – Dragonfly Key exchange is what SAE is based upon. With SAE an attacker can not sniff data, analyze it offline, and introduce an attack on a pre-shared key like they can with WPA2. When the client connects to the access point, they perform an SAE exchange. If successful, they will each create a cryptographically secure key, of which the session key is based. If one session key is cracked it will only affect one key, and not all of the key used, as with WPA-2. In SAE the four-way handshake is done away with.
Another critical benefit of WPA is Wi-Fi Device Provisioning Protocol (DPP) which replaces the flawed Wifi protected setup (WPS) currently supported by many consumer routers. With DPP, devices can be authenticated to join a network without a password through various means, including QR codes. So what does the Enterprise side of WPA3 give us? Most of the new features have to do with encryption and key exchange mechanisms. WPA3 enterprise supports 192-bit encryption.
So what does the Enterprise side of WPA3 give us? Most of the new features have to do with encryption and key exchange mechanisms. WPA3 enterprise supports 192-bit encryption.