![\"\"](\"https:\/\/i0.wp.com\/blog.j2sw.com\/wp-content\/uploads\/2019\/04\/1-wifi-300x205.jpg?resize=220%2C153\")
With the introduction of WIFI6, we now have the new WPA standard in WPA3. In an earlier article, I talk about WIFI6, and it’s the introduction of WPA3. As we are used to with the previous versions of WPA, WPA3 comes in two “flavors. We have WPA personal and WPA enterprise.<\/p>\n
WPA personal is what most of us are familiar with in home environments.\u00a0 The most significant change isthe Simultaneous Authentication of Equals (SAE), which replaces Pre-shared Key (PSK). A preshared key or passphrase is what we are used to typing in when we associate to a new, secured network. Typically you type an 8 character or longer password you have to ask your friend for when you visit their house.<\/p>\n
So what does SAE do exactly? At the core, SAE is a peer-to-peer handshake. If you are the kind who likes to read RFCs, the Another critical benefit of WPA is Wi-Fi Device Provisioning Protocol (DPP) which replaces the flawed Wifi protected setup (WPS) currently supported by many consumer routers. With DPP, devices can be authenticated to join a network without a password through various means, including QR codes. So what does the Enterprise side of WPA3 give us? Most of the new features have to do with encryption and key exchange mechanisms.\u00a0 WPA3 enterprise supports 192-bit encryption.<\/p>\n So what does the Enterprise side of WPA3 give us? Most of the new features have to do with encryption and key exchange mechanisms.\u00a0 WPA3 enterprise supports 192-bit encryption.<\/p>\n","protected":false},"excerpt":{"rendered":" With the introduction of WIFI6, we now have the new WPA standard in WPA3. In an earlier article, I talk about WIFI6, and it’s the introduction of WPA3. As we are used to with the previous versions of WPA, WPA3 comes in two “flavors. We have WPA personal and WPA enterprise. WPA personal is what […]<\/p>\n","protected":false},"author":1,"featured_media":3410,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[857,17,86],"tags":[],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2019\/04\/encryption-head-640x353.jpg?fit=640%2C353","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-T1","jetpack-related-posts":[{"id":1798,"url":"http:\/\/www.mtin.net\/blog\/wpa-is-not-encrypting-your-customer-traffic\/","url_meta":{"origin":3411,"position":0},"title":"WPA is not encrypting your customer traffic","author":"j2sw","date":"September 11, 2017","format":false,"excerpt":"There was a Facebook discussion that popped up tonight about how a WISP answers the question \"Is your network secure?\" There were many good answers and the notion of WEP vs WPA was brought up. In today's society, you need end-to-end encryption for data to be secure. An ISP has\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/09\/download.jpg?fit=236%2C213&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3408,"url":"http:\/\/www.mtin.net\/blog\/j2blog-what-is-wifi6\/","url_meta":{"origin":3411,"position":1},"title":"j2blog: What is wifi6?","author":"j2sw","date":"April 21, 2019","format":false,"excerpt":"http:\/\/blog.j2sw.com\/2019\/04\/21\/what-is-wifi6\/","rel":"","context":"In "Wireless"","block_context":{"text":"Wireless","link":"http:\/\/www.mtin.net\/blog\/category\/wireless\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2105,"url":"http:\/\/www.mtin.net\/blog\/my-home-lab-testing-ground\/","url_meta":{"origin":3411,"position":2},"title":"My Home Lab\/Testing ground","author":"j2sw","date":"February 18, 2018","format":false,"excerpt":"A few days ago, my buddy, Greg Sowell posted his Mobile Home Lab. I figured I would show off the rack in my home office. This is a mixture of gear that powers the basic network for the network in my home and for testing, blog posts, support, and videos\\.\u2026","rel":"","context":"In "cisco"","block_context":{"text":"cisco","link":"http:\/\/www.mtin.net\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/02\/IMG_3522.jpg?fit=900%2C1200&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/02\/IMG_3522.jpg?fit=900%2C1200&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/02\/IMG_3522.jpg?fit=900%2C1200&resize=700%2C400 2x"},"classes":[]},{"id":371,"url":"http:\/\/www.mtin.net\/blog\/transit-peer-downstream-what-do-they-all-mean\/","url_meta":{"origin":3411,"position":3},"title":"Transit, peer, downstream..what do they all mean?","author":"j2sw","date":"November 2, 2015","format":false,"excerpt":"As a service provider you have a mountain of terms to deal with. As you dive into the realm of BGP, you will hear many terms in regards to peers. \u00a0Knowing their names AND your definition of them will serve you well. \u00a0I emphasized the and in the last sentence\u2026","rel":"","context":"In "BGP"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1309,"url":"http:\/\/www.mtin.net\/blog\/how-i-learned-to-love-bgp-communities-and-so-can-you\/","url_meta":{"origin":3411,"position":4},"title":"How I learned to love BGP communities, and so can you","author":"j2sw","date":"July 6, 2016","format":false,"excerpt":"BGP communities can be a powerful, but almost mystical thing. \u00a0If you aren't familiar with communities start here at Wikipedia. \u00a0For the purpose of part one of this article we will talk about communities and how they can be utilized for traffic coming into your network.\u00a0Part two of this article\u2026","rel":"","context":"In "BGP"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1377,"url":"http:\/\/www.mtin.net\/blog\/soft-reconfiguration-inbound\/","url_meta":{"origin":3411,"position":5},"title":"Soft Reconfiguration inbound","author":"j2sw","date":"September 15, 2016","format":false,"excerpt":"Several people have been asking what soft Reconfiguration Inbound is on a BGP peer. In the dark days of BGP you had to tear down the BGP session and do a full reestablishment in order to bring it up. \u00a0What soft reconfiguration does is copies of all routes received (this\u2026","rel":"","context":"In "BGP"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/3411"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=3411"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/3411\/revisions"}],"predecessor-version":[{"id":3412,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/3411\/revisions\/3412"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media\/3410"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=3411"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=3411"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=3411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/i0.wp.com\/blog.j2sw.com\/wp-content\/uploads\/2019\/04\/encryption-head-640x353-300x165.jpg?resize=300%2C165\")
n RFC 7664 – Dragonfly Key exchange is what SAE is based upon. With SAE an attacker can not sniff data, analyze it offline, and introduce an attack on a pre-shared key like they can with WPA2. When the client connects to the access point, they perform an SAE exchange. If successful, they will each create a cryptographically secure key, of which the session key is based. If one session key is cracked it will only affect one key, and not all of the key used, as with WPA-2.\u00a0 In SAE the four-way handshake is done away with.<\/span><\/p>\n