777:(Key Reinstallation Attack) attack on WPA2 were published. The KRACK attack is believed to affect all variants of WPA and WPA2; however, the security implications vary between implementations, depending upon how individual developers interpreted a poorly specified part of the standard. Software patches can resolve the vulnerability but are not available for all devices. KRACK exploits a weakness in the WPA2 4-Way Handshake, a critical process for generating encryption keys. Attackers can force multiple handshakes, manipulating key resets. By intercepting the handshake, they could decrypt network traffic without cracking encryption directly. This poses a risk, especially with sensitive data transmission.
171:-based encryption mode. Certification began in September, 2004. From March 13, 2006, to June 30, 2020, WPA2 certification was mandatory for all new devices to bear the Wi-Fi trademark. In WPA2-protected WLANs, secure communication is established through a multi-step process. Initially, devices associate with the Access Point (AP) via an association request. This is followed by a 4-way handshake, a crucial step ensuring both the client and AP have the correct Pre-Shared Key (PSK) without actually transmitting it. During this handshake, a Pairwise Transient Key (PTK) is generated for secure data exchange.
581:, meaning that once an adverse person discovers the pre-shared key, they can potentially decrypt all packets encrypted using that PSK transmitted in the future and even past, which could be passively and silently collected by the attacker. This also means an attacker can silently capture and decrypt others' packets if a WPA-protected access point is provided free of charge at a public place, because its password is usually shared to anyone in that place. In other words, WPA only protects from attackers who do not have access to the password. Because of that, it's safer to use
799:
making almost all Wi-Fi products vulnerable. The vulnerabilities impact all Wi-Fi security protocols, including WPA3 and WEP. Exploiting these flaws is complex but programming errors in Wi-Fi products are easier to exploit. Despite improvements in Wi-Fi security, these findings highlight the need for continuous security analysis and updates. In response, security patches were developed, and users are advised to use HTTPS and install available updates for protection.
665:(WPS) feature, regardless of which encryption method they use. Most recent models have this feature and enable it by default. Many consumer Wi-Fi device manufacturers had taken steps to eliminate the potential of weak passphrase choices by promoting alternative methods of automatically generating and distributing strong keys when users add a new wireless adapter or appliance to a network. These methods include pushing buttons on the devices or entering an 8-digit
80:
combining a new
Initialization Vector (IV) with a shared key (it has 40 bits of vectored key and 24 bits of random numbers). Decryption involved reversing this process, using the IV and the shared key to generate a key stream and decrypt the payload. Despite its initial use, WEP's significant vulnerabilities led to the adoption of more secure protocols.
115:(TKIP). WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.
652:
The vulnerabilities of TKIP are significant because WPA-TKIP had been held before to be an extremely safe combination; indeed, WPA-TKIP is still a configuration option upon a wide variety of wireless routing devices provided by many hardware vendors. A survey in 2013 showed that 71% still allow usage
640:
Halvorsen and others show how to modify the Beck-Tews attack to allow injection of 3 to 7 packets having a size of at most 596 bytes. The downside is that their attack requires substantially more time to execute: approximately 18 minutes and 25 seconds. In other work
Vanhoef and Piessens showed that,
564:
WPA3 replaces cryptographic protocols susceptible to off-line analysis with protocols that require interaction with the infrastructure for each guessed password, supposedly placing temporal limits on the number of guesses. However, design flaws in WPA3 enable attackers to plausibly launch brute-force
79:
WEP (Wired
Equivalent Privacy) was an early encryption protocol for wireless networks, designed to secure WLAN connections. It supported 64-bit and 128-bit keys, combining user-configurable and factory-set bits. WEP used the RC4 algorithm for encrypting data, creating a unique key for each packet by
798:
On May 11, 2021, FragAttacks, a set of new security vulnerabilities, were revealed, affecting Wi-Fi devices and enabling attackers within range to steal information or target devices. These include design flaws in the Wi-Fi standard, affecting most devices, and programming errors in Wi-Fi products,
672:
The Wi-Fi
Alliance standardized these methods as Wi-Fi Protected Setup; however, the PIN feature as widely implemented introduced a major new security flaw. The flaw allows a remote attacker to recover the WPS PIN and, with it, the router's WPA/WPA2 password in a few hours. Users have been urged to
300:
Different WPA versions and protection mechanisms can be distinguished based on the target end-user (such as WEP, WPA, WPA2, WPA3) and the method of authentication key distribution, as well as the encryption protocol used. As of July 2020, WPA3 is the latest iteration of the WPA standard, bringing
746:
out-of-tree drivers, which generate the GTK themselves, and showed the GTK can be recovered within two minutes or less. Similarly, they demonstrated the keys generated by
Broadcom access daemons running on VxWorks 5 and later can be recovered in four minutes or less, which affects, for example,
789:
The
Dragonblood attacks exposed significant vulnerabilities in the Dragonfly handshake protocol used in WPA3 and EAP-pwd. These included side-channel attacks potentially revealing sensitive user information and implementation weaknesses in EAP-pwd and SAE. Concerns were also raised about the
55:
WPA (sometimes referred to as the TKIP standard) became available in 2003. The Wi-Fi
Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common shorthand for the full IEEE 802.11i (or
701:
Tunneled EAP methods using TTLS or PEAP which encrypt the MSCHAPv2 exchange are widely deployed to protect against exploitation of this vulnerability. However, prevalent WPA2 client implementations during the early 2000s were prone to misconfiguration by end users, or in some cases (e.g.
676:
In 2018, the Wi-Fi
Alliance introduced Wi-Fi Easy Connect as a new alternative for the configuration of devices that lack sufficient user interface capabilities by allowing nearby devices to serve as an adequate UI for network provisioning purposes, thus mitigating the need for WPS.
140:
to verify the integrity of the packets. TKIP is much stronger than a CRC, but not as strong as the algorithm used in WPA2. Researchers have since discovered a flaw in WPA that relied on older weaknesses in WEP and the limitations of the message integrity code hash function, named
513:
802.1X clients and servers developed by specific firms may support other EAP types. This certification is an attempt for popular EAP types to interoperate; their failure to do so as of 2013 is one of the major issues preventing rollout of 802.1X on heterogeneous networks.
202:
Post-handshake, the established PTK is used for encrypting unicast traffic, and the Group
Temporal Key (GTK) is used for broadcast traffic. This comprehensive authentication and encryption mechanism is what makes WPA2 a robust security standard for wireless networks.
738:(AP). Additionally, they showed that possession of the GTK enables the attacker to inject any traffic into the network, and allowed the attacker to decrypt unicast internet traffic transmitted over the wireless network. They demonstrated their attack against an
780:
Manufacturers have released patches in response, but not all devices have received updates. Users are advised to keep their devices updated to mitigate such security risks. Regular updates are crucial for maintaining network security against evolving threats.
373:
server for authentication, offering higher security control by replacing the vulnerable WEP with the more advanced TKIP encryption. TKIP ensures continuous renewal of encryption keys, reducing security risks. Authentication is conducted through a
790:
inadequate security in transitional modes supporting both WPA2 and WPA3. In response, security updates and protocol changes are being integrated into WPA3 and EAP-pwd to address these vulnerabilities and enhance overall Wi-Fi security.
322:) mode, this is designed for home, small office and basic uses and does not require an authentication server. Each wireless network device encrypts the network traffic by deriving its 128-bit encryption key from a 256-bit shared
301:
enhanced security features and addressing vulnerabilities found in WPA2. WPA3 improves authentication methods and employs stronger encryption protocols, making it the recommended choice for securing Wi-Fi networks.
211:
In
January 2018, the Wi-Fi Alliance announced WPA3 as a replacement to WPA2. Certification began in June 2018, and WPA3 support has been mandatory for devices which bear the "Wi-Fi CERTIFIED™" logo since July 2020.
697:
and Marsh Ray). Moxie advised: "Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else."
1685:
689:
2, some of which severely reduce the complexity of brute-force attacks, making them feasible with modern hardware. In 2012 the complexity of breaking MS-CHAPv2 was reduced to that of breaking a single
710:
attack scenarios. Under stricter compliance tests for WPA2 announced alongside WPA3, certified client software will be required to conform to certain behaviors surrounding AAA certificate validation.
597:
attacks of Erik Tews and Martin Beck. They demonstrated how to inject an arbitrary number of packets, with each packet containing at most 112 bytes of payload. This was demonstrated by implementing a
463:
announced the inclusion of additional EAP types to its WPA- and WPA2-Enterprise certification programs. This was to ensure that WPA-Enterprise certified products can interoperate with one another.
163:
Ratified in 2004, WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it includes support for
338:. This pass-phrase-to-PSK mapping is nevertheless not binding, as Annex J is informative in the latest 802.11 standard. If ASCII characters are used, the 256-bit key is calculated by applying the
673:
turn off the WPS feature, although this may not be possible on some router models. Also, the PIN is written on a label on most Wi-Fi routers with WPS, which cannot be changed if compromised.
266:. The Wi-Fi Alliance also says that WPA3 will mitigate security issues posed by weak passwords and simplify the process of setting up devices with no display interface. WPA3 also supports
378:
server, providing robust security, especially vital in corporate settings. This setup allows integration with Windows login processes and supports various authentication methods like
2349:
2668:
641:
when WPA is used to encrypt broadcast packets, their original attack can also be executed. This is an important extension, as substantially more networks use WPA to protect
1396:
1342:
734:(RNG). Researchers showed that, if vendors implement the proposed RNG, an attacker is able to predict the group key (GTK) that is supposed to be randomly generated by the
706:), lacked any user-accessible way to properly configure validation of AAA server certificate CNs. This extended the relevance of the original weakness in MSCHAPv2 within
1693:
2195:
285:
WPA has been designed specifically to work with wireless hardware produced prior to the introduction of WPA protocol, which provides inadequate security through
816:
134:
existed to solve these problems, but they required too much computation to be used on old network cards. WPA uses a message integrity check algorithm called
382:, which uses certificates for secure authentication, and PEAP, creating a protected environment for authentication without requiring client certificates.
747:
certain versions of Linksys WRT54G and certain Apple AirPort Extreme models. Vendors can defend against this attack by using a secure RNG. By doing so,
182:. This protocol ensures robust encryption and data integrity, using different Initialization Vectors (IVs) for encryption and authentication purposes.
649:. The execution time of this attack is on average around 7 minutes, compared to the 14 minutes of the original Vanhoef-Piessens and Beck-Tews attack.
1584:
3593:
3588:
3583:
3578:
3573:
3568:
3563:
2377:
1555:
718:
Hole196 is a vulnerability in the WPA2 protocol that abuses the shared Group Temporal Key (GTK). It can be used to conduct man-in-the-middle and
48:
to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system,
1181:
136:
2049:
625:) to be enabled, while the Vanhoef-Piessens attack does not. Neither attack leads to recovery of the shared session key between the client and
2832:
2305:
2875:
482:
401:
stream cipher is used with a 128-bit per-packet key, meaning that it dynamically generates a new key for each packet. This is used by WPA.
613:
when the victim visits a website. In contrast, the Beck-Tews attack could only decrypt short packets with mostly known content, such as
3643:
1413:
554:
exist for the top 1,000 network SSIDs and a multitude of common passwords, requiring only a quick lookup to speed up cracking WPA-PSK.
1362:
1091:
3509:
3250:
3245:
3235:
3230:
3225:
3220:
3215:
3210:
3200:
3195:
3190:
3185:
3175:
3170:
3165:
3160:
3145:
3140:
3135:
3130:
3125:
1260:
1209:
2408:
585:(TLS) or similar on top of that for the transfer of any sensitive data. However starting from WPA3, this issue has been addressed.
1134:. 2017 International Conference on Information and Telecommunication Technologies and Radio Electronics (UkrMiCo). pp. 1–4.
1119:. 2017 International Conference on Information and Telecommunication Technologies and Radio Electronics (UkrMiCo). pp. 1–4.
722:
attacks. However, it assumes that the attacker is already authenticated against Access Point and thus in possession of the GTK.
408:
629:. The authors say using a short rekeying interval can prevent some attacks but not all, and strongly recommend switching from
1895:
1069:
993:
896:
848:
255:
289:. Some of these devices support WPA only after applying firmware upgrades, which are not available for some legacy devices.
2222:
605:. Additionally, they showed how to decrypt arbitrary packets sent to a client. They mentioned this can be used to hijack a
2149:
2092:
292:
Wi-Fi devices certified since 2006 support both the WPA and WPA2 security protocols. WPA3 is required since July 1, 2020.
108:(APs) were more extensive than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA.
3679:
3669:
2078:
2027:
1195:
3738:
2518:
1526:
452:
379:
1878:
Halvorsen, Finn M.; Haugen, Olav; Eian, Martin; Mjølsnes, Stig F. (September 30, 2009). "An Improved Attack on TKIP".
1602:
63:
In January 2018, the Wi-Fi Alliance announced the release of WPA3, which has several security improvements over WPA2.
2944:
2463:
2322:
1935:
1808:
1018:
661:
A more serious security flaw was revealed in December 2011 by Stefan Viehböck that affects wireless routers with the
267:
1384:
WPA is both forward and backward-compatible and is designed to run on existing Wi-Fi devices as a software download.
3743:
1512:
824:
2643:
1236:
630:
602:
594:
391:
244:
112:
101:
561:
starting from the four-way authentication handshake exchanged during association or periodic re-authentication.
2925:
928:
666:
617:
messages, and only allowed injection of 3 to 7 packets of at most 28 bytes. The Beck-Tews attack also requires
2900:
606:
2880:
2401:
1855:
419:
175:
168:
126:(CRC) that was used by the WEP standard. CRC's main flaw was that it did not provide a sufficiently strong
1714:
1318:
3309:
2870:
2573:
2488:
2468:
2123:
1556:"Wi-Fi Alliance expands Wi-Fi Protected Access Certification Program for Enterprise and Government Users"
614:
423:
131:
66:
As of 2023, most computers that connect to a wireless network have support for using WPA, WPA2, or WPA3.
1912:
876:. 2009 2nd IEEE International Conference on Computer Science and Information Technology. pp. 48–52.
3712:
2441:
2417:
1563:
703:
442:, though not all implementations enforce this. Otherwise, the data rate will not exceed 54 Mbit/s.
335:
122:, which is designed to prevent an attacker from altering and resending data packets. This replaces the
2374:
1785:
1438:
Each character in the passphrase must have an encoding in the range of 32 to 126 (decimal), inclusive.
1046:
3279:
2478:
2249:
Alhamry, Mohamed; Elmedany, Wael (2022). "Exploring Wi-Fi WPA2 KRACK Vulnerability: A Review Paper".
642:
104:
designed for WEP that began shipping as far back as 1999. However, since the changes required in the
2355:
2057:
2713:
1303:
719:
707:
690:
582:
456:
286:
89:
49:
3717:
2578:
2568:
2548:
2394:
2328:
1652:
731:
342:
123:
119:
1793:
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
751:
running on Linux kernels is not vulnerable against this attack and thus routers running typical
439:
438:. According to the 802.11n specification, this encryption protocol must be used to achieve fast
2890:
2451:
2364:
1960:
1760:
3684:
2807:
2543:
2370:
Weakness in Passphrase Choice in WPA Interface, by Robert Moskowitz. Retrieved March 2, 2004.
1417:
735:
662:
626:
518:
346:
195:
The AP calculating the PTK from these numbers and sending an encrypted message to the client.
105:
1372:
215:
The new standard uses an equivalent 192-bit cryptographic strength in WPA3-Enterprise mode (
3748:
2950:
2698:
2628:
2002:
8:
1978:"Vulnerability Note VU#723755 - WiFi Protected Setup (WPS) PIN brute force vulnerability"
634:
404:
350:
232:
220:
179:
164:
1692:. International Journal of Information and Computer Security. 2014-03-13. Archived from
954:
2708:
2223:"KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know"
1941:
1814:
999:
618:
323:
198:
The client decrypting this message with the PTK, confirming successful authentication.
3381:
3376:
3356:
3340:
3334:
3329:
3324:
3319:
3314:
3304:
3299:
3289:
3284:
2920:
2790:
2750:
2318:
2053:
1931:
1891:
1804:
1585:"Wi-Fi CERTIFIED™ expanded to support EAP-AKA and EAP-FAST authentication mechanisms"
1164:. 2017 13th International Computer Engineering Conference (ICENCO). pp. 323–330.
1149:. 2017 13th International Computer Engineering Conference (ICENCO). pp. 323–330.
1065:
989:
892:
694:
547:
543:
274:
158:
93:
57:
730:
In 2016 it was shown that the WPA and WPA2 standards contain an insecure expository
3274:
2940:
1945:
1923:
1883:
1818:
1796:
1661:
1057:
981:
820:
522:
97:
2251:
2022 International Conference on Data Analytics for Business and Industry (ICDABI)
1832:
1735:
2703:
2381:
2344:
1501:. 2015 International Conference on Communication Networks (ICCN). pp. 53–56.
1003:
578:
263:
178:
with a 128-bit key, enhancing security through the Counter-Mode/CBC-Mac Protocol
146:
2281:"Fragment and forge: Breaking Wi-Fi through frame aggregation and fragmentation"
1887:
1630:
1284:
426:
is significantly stronger in protection for both privacy and integrity than the
88:
The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of
3558:
2688:
2683:
2603:
2553:
2100:
1452:
1367:
1095:
460:
319:
251:
127:
45:
2369:
2280:
1665:
1132:
Test for penetration in Wi-Fi network: Attacks on WPA2-PSK and WPA2-Enterprise
1117:
Test for penetration in Wi-Fi network: Attacks on WPA2-PSK and WPA2-Enterprise
3732:
3664:
3608:
3603:
3598:
3548:
3543:
3538:
3528:
3504:
3480:
3468:
3457:
3446:
3434:
3429:
3424:
3419:
3406:
3395:
2885:
2865:
2718:
2693:
2623:
2513:
2458:
2340:
2093:"Mojo Networks Scalable Secure Cloud Managed WiFi WPA2 Hole196 Vulnerability"
1534:
1513:"Data rate will not exceed 54 Mbps when WEP or TKIP encryption is configured"
551:
1927:
1800:
1210:"Wi-Fi Alliance® introduces Wi-Fi CERTIFIED WPA3™ security | Wi-Fi Alliance"
1061:
872:
Lashkari, Arash Habibi; Danesh, Mir Mohammad Seyed; Samadi, Behrang (2009).
44:) are the three security certification programs developed after 2000 by the
3648:
3638:
3386:
3371:
3366:
3361:
3351:
3294:
2935:
2930:
2915:
2910:
2905:
2855:
2375:
The Evolution of 802.11 Wireless Security, by Kevin Benton, April 18th 2010
598:
259:
145:, to retrieve the keystream from short packets to use for re-injection and
1261:"Wi-Fi Alliance introduces Wi-Fi Certified WPA3 security | Wi-Fi Alliance"
985:
927:
Huang, Jianyong; Seberry, Jennifer; Susilo, Willy; Bunder, Martin (2005).
593:
In 2013, Mathy Vanhoef and Frank Piessens significantly improved upon the
3520:
3260:
3014:
2895:
2860:
2850:
2827:
2822:
2817:
2812:
2795:
2780:
2196:"Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping"
558:
327:
1977:
1920:
Proceedings of the 30th Annual Computer Security Applications Conference
1527:"Wi-Fi Alliance: Definition of EAP (Extensible Authentication Protocol)"
973:
3633:
3628:
2960:
2842:
2775:
2770:
2765:
2760:
2755:
2745:
1882:. Lecture Notes in Computer Science. Vol. 5838. pp. 120–132.
929:"Security analysis of Michael: the IEEE 802.11i message integrity code"
610:
526:
466:
As of 2010 the certification program includes the following EAP types:
331:
262:, resulting in a more secure initial key exchange in personal mode and
550:. WPA passphrase hashes are seeded from the SSID name and its length;
3694:
3674:
3532:
2785:
2678:
2673:
2658:
2648:
2638:
2618:
2613:
2598:
2588:
2583:
2563:
2558:
2538:
2533:
2528:
2523:
2508:
2473:
2268:. 2020 IEEE Symposium on Security and Privacy (SP). pp. 517–533.
1056:. Lecture Notes in Computer Science. Vol. 2595. pp. 76–93.
2965:
2737:
2728:
2446:
2436:
2431:
1319:"The Next Generation of Wi-Fi Security Will Save You From Yourself"
874:
A survey on wireless security protocols (wep, wpa and wpa2/802.11i)
849:"Wi-Fi Alliance® introduces security enhancements | Wi-Fi Alliance"
743:
506:
476:
240:
2315:
IEEE (The Institute of Electrical and Electronics Engineers, Inc.)
2266:
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
3689:
3485:
3451:
3400:
3345:
3240:
3205:
3180:
3155:
3150:
3120:
3115:
3110:
3104:
3098:
3093:
3088:
3083:
3077:
3071:
3066:
3061:
3056:
3050:
3044:
3039:
3034:
3029:
2974:
2608:
2593:
2386:
2050:"Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate"
1606:"Radius Server software and AAA RADIUS billing systems - Aradial"
1402:. U.S. National Security Agency, Cybersecurity Report. June 2018.
1348:. U.S. National Security Agency, Cybersecurity Report. June 2018.
1196:"WPA3 protocol will make public Wi-Fi hotspots a lot more secure"
752:
748:
686:
680:
646:
622:
500:
494:
470:
412:
304:
236:
224:
216:
2170:
1477:
3552:
3024:
3019:
3009:
3004:
2999:
2994:
2989:
2984:
2979:
2653:
2483:
2359:
1478:"WPA key calculation — From passphrase to hexadecimal key"
978:
2016 International Workshop on Secure Internet of Things (SIoT)
446:
375:
370:
339:
1304:
Wi-Fi Gets More Secure: Everything You Need to Know About WPA3
971:
3410:
3265:
2800:
2663:
2503:
972:
Dragomir, D.; Gheorghe, L.; Costea, S.; Radovici, A. (2016).
933:
International Conference on Embedded and Ubiquitous Computing
774:
768:
557:
Brute forcing of simple passwords can be attempted using the
243:) as the minimum encryption algorithm in WPA3-Personal mode.
2150:"Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys"
974:"A Survey on Secure Communication Protocols for IoT Systems"
361:. WPA-Personal mode is available on all three WPA versions.
2633:
2498:
2493:
2314:
2079:"Is WPA2 Security Broken Due to Defcon MS-CHAPv2 Cracking?"
1877:
1182:"Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3"
1025:
756:
739:
358:
354:
228:
1092:"WPA2 Security Now Mandatory for Wi-Fi CERTIFIED Products"
459:) was certified by the Wi-Fi alliance. In April 2010, the
430:-based TKIP that is used by WPA. Among informal names are
1605:
427:
398:
926:
2028:"Wi-Fi Alliance introduces WPA3 and Wi-Fi Easy Connect"
955:"Battered, but not broken: understanding the WPA crack"
725:
277:
amendment is also enforced by the WPA3 specifications.
2244:
2242:
192:
The client responding with its random number (SNonce).
189:
The AP sending a random number (ANonce) to the client.
1497:
Monga, Kashish; Arora, Vishal; Kumar, Ashish (2015).
588:
525:
Steelbelted RADIUS as well as Aradial Radius server.
1786:"Practical verification of WPA-TKIP vulnerabilities"
1357:
1355:
1175:
1173:
1171:
871:
542:
WPA-Personal and WPA2-Personal remain vulnerable to
273:
Protection of management frames as specified in the
270:
for open Wi-Fi networks that do not have passwords.
258:(SAE) exchange, a method originally introduced with
2239:
1779:
1777:
1160:Abo-Soliman, Mohamed A.; Azer, Marianne A. (2017).
1145:Abo-Soliman, Mohamed A.; Azer, Marianne A. (2017).
326:. This key may be entered either as a string of 64
2365:Wi-Fi Alliance's Interoperability Certificate page
2124:"DEF CON® Hacking Conference - DEF CON 18 Archive"
1651:
130:guarantee for the packets it handled. Well-tested
2157:Proceedings of the 25th USENIX Security Symposium
1913:"Advanced Wi-Fi attacks using commodity hardware"
1911:Vanhoef, Mathy; Piessens, Frank (December 2014).
1686:"Exposing WPA2 security protocol vulnerabilities"
1352:
1168:
601:, which can be executed against any client using
3730:
1774:
1715:"Researchers Outline How to Crack WPA2 Security"
1129:
1114:
16:Security protocol for wireless computer networks
2248:
2148:Vanhoef, Mathy; Piessens, Frank (August 2016).
2147:
1910:
1783:
1499:Analyzing the behavior of WPA with modification
1496:
1159:
1144:
1130:Radivilova, Tamara; Hassan, Hassan Ali (2017).
1115:Radivilova, Tamara; Hassan, Hassan Ali (2017).
843:
841:
1442:The space character is included in this range.
1084:
681:MS-CHAPv2 and lack of AAA server CN validation
305:Target users (authentication key distribution)
174:WPA2 employs the Advanced Encryption Standard
2402:
1179:
2263:
1784:Vanhoef, Mathy; Piessens, Frank (May 2013).
1601:
1475:
838:
517:Commercial 802.1X servers include Microsoft
447:EAP extensions under WPA and WPA2 Enterprise
2141:
653:of TKIP, and 19% exclusively support TKIP.
609:, allowing an attacker to inject malicious
424:message authenticity and integrity checking
96:standard. WPA could be implemented through
2409:
2395:
572:
1952:
1162:A study in WPA2 enterprise recent attacks
1147:A study in WPA2 enterprise recent attacks
759:installations do not exhibit this issue.
1958:
1880:Identity and Privacy in the Internet Age
1313:
1311:
418:The protocol used by WPA2, based on the
2278:
2220:
1833:"Practical Attacks against WEP and WPA"
1631:"Church of Wifi WPA-PSK Rainbow Tables"
1044:
268:Opportunistic Wireless Encryption (OWE)
3731:
911:
886:
685:Several weaknesses have been found in
385:
2390:
1961:"Brute forcing Wi-Fi Protected Setup"
1959:Viehbock, Stefan (26 December 2011).
1440:(IEEE Std. 802.11i-2004, Annex H.4.1)
1308:
1231:
1229:
889:Managing and Troubleshooting Networks
256:Simultaneous Authentication of Equals
92:pending the availability of the full
2264:Vanhoef, Mathy; Ronen, Eyal (2020).
1363:"Wi-Fi Protected Access White Paper"
726:Predictable Group Temporal Key (GTK)
250:The WPA3 standard also replaces the
2121:
1016:
656:
280:
13:
2416:
1795:. ASIA CCS '13. pp. 427–436.
1476:van Rantwijk, Joris (2006-12-06).
1397:"WPA3 Will Enhance WI-FI Security"
1343:"WPA3 Will Enhance WI-FI Security"
1226:
1047:"On the Security of CTR + CBC-MAC"
1019:"On the Security of CTR + CBC-MAC"
589:WPA packet spoofing and decryption
532:
453:Extensible Authentication Protocol
380:Extensible Authentication Protocol
295:
14:
3760:
2297:
529:is an open source 802.1X server.
394:(Temporal Key Integrity Protocol)
364:
231:), and still mandates the use of
1736:"WPA2 wireless security cracked"
1653:"WPA2 wireless security cracked"
1237:"File Download | Wi-Fi Alliance"
1180:Dawn Kawamoto (8 January 2018).
773:In October 2017, details of the
566:
537:
111:The WPA protocol implements the
102:wireless network interface cards
2272:
2257:
2214:
2188:
2163:
2115:
2085:
2071:
2042:
2020:
1995:
1970:
1922:. ACSAC '14. pp. 256–265.
1904:
1871:
1856:"Enhanced TKIP Michael Attacks"
1848:
1825:
1763:. InfoSec Community. 2014-05-02
1753:
1728:
1707:
1678:
1644:
1623:
1595:
1577:
1548:
1519:
1505:
1490:
1469:
1445:
1431:
1406:
1389:
1335:
1297:
1277:
1253:
1202:
1188:
1153:
1138:
1123:
1108:
1038:
762:
422:(AES) cipher along with strong
309:
113:Temporal Key Integrity Protocol
2221:Chacos, Brad; Simon, Michael.
2171:"KRACK Attacks: Breaking WPA2"
1717:. SecurityWeek.Com. 2014-03-24
1589:Wi-Fi Alliance Featured Topics
1531:Wi-Fi Alliance Featured Topics
1285:"Wi-Fi Certified WPA3 Program"
1054:Selected Areas in Cryptography
1010:
965:
947:
920:
905:
880:
865:
817:"Understanding WEP Weaknesses"
809:
793:
784:
742:RT-AC51U router that uses the
185:The 4-way handshake involves:
1:
2303:Official standards document:
802:
369:This enterprise mode uses an
345:to the passphrase, using the
1560:Wi-Fi Alliance Press Release
1453:"IEEE SA - IEEE 802.11-2020"
577:WPA and WPA2 do not provide
485:v0/EAP-MSCHAPv2 (April 2005)
440:802.11n high bitrate schemes
420:Advanced Encryption Standard
132:message authentication codes
7:
1888:10.1007/978-3-642-04766-4_9
1198:. Techspot. 9 January 2018.
914:CWNA Guide to Wireless LANS
548:weak password or passphrase
546:attacks if users rely on a
488:PEAPv1/EAP-GTC (April 2005)
69:
10:
3765:
3713:IEEE Standards Association
1690:Inderscience.metapress.com
1414:"Wi-Fi Alliance: Glossary"
766:
713:
451:Originally, only EAP-TLS (
336:printable ASCII characters
156:
3739:Computer network security
3703:
3657:
3621:
3519:
3259:
2959:
2841:
2736:
2727:
2424:
1666:10.1504/IJICS.2014.059797
891:. Network+. McGraw Hill.
583:Transport Layer Security
457:Transport Layer Security
247:is not allowed in WPA3.
50:Wired Equivalent Privacy
38:Wi-Fi Protected Access 3
30:Wi-Fi Protected Access 2
3744:Cryptographic protocols
3718:Category:IEEE standards
2350:considered for deletion
2279:Vanhoef, Mathy (2017).
1928:10.1145/2664243.2664260
1801:10.1145/2484313.2484368
1062:10.1007/3-540-36492-7_7
1045:Jonsson, Jakob (2003).
732:random number generator
573:Lack of forward secrecy
353:and 4096 iterations of
343:key derivation function
206:
152:
124:cyclic redundancy check
120:Message Integrity Check
2003:""Wi-Fi Easy Connect""
916:. Networking. Thomson.
479:/MSCHAPv2 (April 2005)
106:wireless access points
83:
74:
22:Wi-Fi Protected Access
2307:IEEE Std 802.11i-2004
1761:"Exposing WPA2 Paper"
986:10.1109/siot.2016.012
912:Ciampa, Mark (2006).
887:Meyers, Mike (2004).
663:Wi-Fi Protected Setup
519:Network Policy Server
2097:Airtightnetworks.com
314:Also referred to as
254:(PSK) exchange with
118:WPA also includes a
2253:. pp. 766–772.
2122:Tangent, The Dark.
2103:on 13 November 2015
473:(previously tested)
386:Encryption protocol
2380:2016-03-02 at the
980:. pp. 47–62.
645:, than to protect
619:quality of service
567:Dragonblood attack
3726:
3725:
3617:
3616:
2202:. 16 October 2017
2054:Moxie Marlinspike
1897:978-3-642-04765-7
1071:978-3-540-00622-0
995:978-1-5090-5091-8
898:978-0-07-225665-9
720:denial-of-service
695:Moxie Marlinspike
643:broadcast packets
544:password cracking
159:IEEE 802.11i-2004
98:firmware upgrades
58:IEEE 802.11i-2004
3756:
2734:
2733:
2411:
2404:
2397:
2388:
2387:
2353:
2335:
2334:on May 17, 2005.
2333:
2327:. Archived from
2317:. 23 July 2004.
2312:
2291:
2290:
2288:
2287:
2276:
2270:
2269:
2261:
2255:
2254:
2246:
2237:
2236:
2234:
2233:
2218:
2212:
2211:
2209:
2207:
2192:
2186:
2185:
2183:
2181:
2175:Krackattacks.com
2167:
2161:
2160:
2154:
2145:
2139:
2138:
2136:
2134:
2119:
2113:
2112:
2110:
2108:
2099:. Archived from
2089:
2083:
2082:
2075:
2069:
2068:
2066:
2065:
2056:. Archived from
2046:
2040:
2039:
2037:
2035:
2024:
2018:
2017:
2015:
2013:
1999:
1993:
1992:
1990:
1988:
1974:
1968:
1967:
1965:
1956:
1950:
1949:
1917:
1908:
1902:
1901:
1875:
1869:
1868:
1866:
1865:
1860:
1852:
1846:
1845:
1843:
1842:
1837:
1829:
1823:
1822:
1790:
1781:
1772:
1771:
1769:
1768:
1757:
1751:
1750:
1748:
1747:
1732:
1726:
1725:
1723:
1722:
1711:
1705:
1704:
1702:
1701:
1682:
1676:
1675:
1673:
1672:
1655:
1648:
1642:
1641:
1639:
1638:
1627:
1621:
1620:
1618:
1616:
1599:
1593:
1592:
1581:
1575:
1574:
1572:
1571:
1562:. Archived from
1552:
1546:
1545:
1543:
1542:
1533:. Archived from
1523:
1517:
1516:
1509:
1503:
1502:
1494:
1488:
1487:
1485:
1484:
1473:
1467:
1466:
1464:
1463:
1449:
1443:
1435:
1429:
1428:
1426:
1425:
1416:. Archived from
1410:
1404:
1403:
1401:
1393:
1387:
1386:
1381:
1380:
1371:. Archived from
1359:
1350:
1349:
1347:
1339:
1333:
1332:
1330:
1329:
1315:
1306:
1301:
1295:
1294:
1292:
1291:
1281:
1275:
1274:
1272:
1271:
1257:
1251:
1250:
1248:
1247:
1233:
1224:
1223:
1221:
1220:
1206:
1200:
1199:
1192:
1186:
1185:
1177:
1166:
1165:
1157:
1151:
1150:
1142:
1136:
1135:
1127:
1121:
1120:
1112:
1106:
1105:
1103:
1102:
1088:
1082:
1081:
1079:
1078:
1051:
1042:
1036:
1035:
1033:
1032:
1023:
1017:Jonsson, Jakob.
1014:
1008:
1007:
969:
963:
962:
951:
945:
944:
942:
940:
924:
918:
917:
909:
903:
902:
884:
878:
877:
869:
863:
862:
860:
859:
845:
836:
835:
833:
832:
823:. Archived from
821:Wiley Publishing
813:
657:WPS PIN recovery
523:Juniper Networks
330:digits, or as a
281:Hardware support
3764:
3763:
3759:
3758:
3757:
3755:
3754:
3753:
3729:
3728:
3727:
3722:
3699:
3653:
3613:
3515:
3263:
3255:
2963:
2955:
2837:
2723:
2420:
2415:
2382:Wayback Machine
2338:
2331:
2325:
2310:
2304:
2300:
2295:
2294:
2285:
2283:
2277:
2273:
2262:
2258:
2247:
2240:
2231:
2229:
2219:
2215:
2205:
2203:
2200:Arstechnica.com
2194:
2193:
2189:
2179:
2177:
2169:
2168:
2164:
2152:
2146:
2142:
2132:
2130:
2120:
2116:
2106:
2104:
2091:
2090:
2086:
2081:. 31 July 2012.
2077:
2076:
2072:
2063:
2061:
2048:
2047:
2043:
2033:
2031:
2026:
2025:
2021:
2011:
2009:
2001:
2000:
1996:
1986:
1984:
1976:
1975:
1971:
1963:
1957:
1953:
1938:
1915:
1909:
1905:
1898:
1876:
1872:
1863:
1861:
1858:
1854:
1853:
1849:
1840:
1838:
1835:
1831:
1830:
1826:
1811:
1788:
1782:
1775:
1766:
1764:
1759:
1758:
1754:
1745:
1743:
1734:
1733:
1729:
1720:
1718:
1713:
1712:
1708:
1699:
1697:
1684:
1683:
1679:
1670:
1668:
1650:
1649:
1645:
1636:
1634:
1633:. The Renderlab
1629:
1628:
1624:
1614:
1612:
1600:
1596:
1583:
1582:
1578:
1569:
1567:
1554:
1553:
1549:
1540:
1538:
1525:
1524:
1520:
1511:
1510:
1506:
1495:
1491:
1482:
1480:
1474:
1470:
1461:
1459:
1451:
1450:
1446:
1441:
1436:
1432:
1423:
1421:
1412:
1411:
1407:
1399:
1395:
1394:
1390:
1378:
1376:
1361:
1360:
1353:
1345:
1341:
1340:
1336:
1327:
1325:
1317:
1316:
1309:
1302:
1298:
1289:
1287:
1283:
1282:
1278:
1269:
1267:
1259:
1258:
1254:
1245:
1243:
1235:
1234:
1227:
1218:
1216:
1208:
1207:
1203:
1194:
1193:
1189:
1178:
1169:
1158:
1154:
1143:
1139:
1128:
1124:
1113:
1109:
1100:
1098:
1090:
1089:
1085:
1076:
1074:
1072:
1049:
1043:
1039:
1030:
1028:
1021:
1015:
1011:
996:
970:
966:
953:
952:
948:
938:
936:
925:
921:
910:
906:
899:
885:
881:
870:
866:
857:
855:
847:
846:
839:
830:
828:
815:
814:
810:
805:
796:
787:
771:
765:
728:
716:
683:
659:
647:unicast packets
621:(as defined in
591:
579:forward secrecy
575:
540:
535:
533:Security issues
449:
388:
367:
312:
307:
298:
296:WPA terminology
283:
264:forward secrecy
209:
161:
155:
86:
77:
72:
17:
12:
11:
5:
3762:
3752:
3751:
3746:
3741:
3724:
3723:
3721:
3720:
3715:
3710:
3704:
3701:
3700:
3698:
3697:
3692:
3687:
3682:
3677:
3672:
3667:
3661:
3659:
3655:
3654:
3652:
3651:
3646:
3641:
3636:
3631:
3625:
3623:
3619:
3618:
3615:
3614:
3612:
3611:
3606:
3601:
3596:
3591:
3586:
3581:
3576:
3571:
3566:
3561:
3556:
3546:
3541:
3536:
3525:
3523:
3517:
3516:
3514:
3513:
3501:
3498:
3495:
3492:
3489:
3477:
3474:
3471:
3466:
3463:
3460:
3455:
3443:
3440:
3437:
3432:
3427:
3422:
3417:
3414:
3404:
3392:
3389:
3384:
3379:
3374:
3369:
3364:
3359:
3354:
3349:
3337:
3332:
3327:
3322:
3317:
3312:
3307:
3302:
3297:
3292:
3287:
3282:
3277:
3271:
3269:
3257:
3256:
3254:
3253:
3248:
3243:
3238:
3233:
3228:
3223:
3218:
3213:
3208:
3203:
3198:
3193:
3188:
3183:
3178:
3173:
3168:
3163:
3158:
3153:
3148:
3143:
3138:
3133:
3128:
3123:
3118:
3113:
3108:
3101:
3096:
3091:
3086:
3081:
3074:
3069:
3064:
3059:
3054:
3047:
3042:
3037:
3032:
3027:
3022:
3017:
3012:
3007:
3002:
2997:
2992:
2987:
2982:
2977:
2971:
2969:
2957:
2956:
2954:
2953:
2948:
2938:
2933:
2928:
2923:
2918:
2913:
2908:
2903:
2898:
2893:
2888:
2883:
2878:
2873:
2868:
2863:
2858:
2853:
2847:
2845:
2839:
2838:
2836:
2835:
2830:
2825:
2820:
2815:
2810:
2805:
2804:
2803:
2793:
2788:
2783:
2778:
2773:
2768:
2763:
2758:
2753:
2748:
2742:
2740:
2731:
2725:
2724:
2722:
2721:
2716:
2711:
2706:
2701:
2696:
2691:
2686:
2681:
2676:
2671:
2666:
2661:
2656:
2651:
2646:
2641:
2636:
2631:
2626:
2621:
2616:
2611:
2606:
2601:
2596:
2591:
2586:
2581:
2576:
2571:
2566:
2561:
2556:
2551:
2546:
2541:
2536:
2531:
2526:
2521:
2516:
2511:
2506:
2501:
2496:
2491:
2486:
2481:
2476:
2471:
2466:
2461:
2456:
2455:
2454:
2444:
2439:
2434:
2428:
2426:
2422:
2421:
2418:IEEE standards
2414:
2413:
2406:
2399:
2391:
2385:
2384:
2372:
2367:
2362:
2336:
2323:
2299:
2298:External links
2296:
2293:
2292:
2271:
2256:
2238:
2213:
2187:
2162:
2140:
2114:
2084:
2070:
2041:
2030:. 26 June 2018
2019:
1994:
1969:
1951:
1936:
1903:
1896:
1870:
1847:
1824:
1809:
1773:
1752:
1727:
1706:
1677:
1643:
1622:
1594:
1576:
1547:
1518:
1504:
1489:
1468:
1444:
1430:
1405:
1388:
1368:Wi-Fi Alliance
1351:
1334:
1307:
1296:
1276:
1252:
1225:
1201:
1187:
1184:. DARKReading.
1167:
1152:
1137:
1122:
1107:
1096:Wi-Fi Alliance
1083:
1070:
1037:
1009:
994:
964:
946:
919:
904:
897:
879:
864:
837:
807:
806:
804:
801:
795:
792:
786:
783:
767:Main article:
764:
761:
727:
724:
715:
712:
682:
679:
658:
655:
607:TCP connection
590:
587:
574:
571:
559:Aircrack Suite
552:rainbow tables
539:
536:
534:
531:
511:
510:
504:
498:
492:
489:
486:
480:
474:
461:Wi-Fi Alliance
448:
445:
444:
443:
416:
402:
395:
387:
384:
366:
365:WPA-Enterprise
363:
320:pre-shared key
311:
308:
306:
303:
297:
294:
282:
279:
252:pre-shared key
208:
205:
200:
199:
196:
193:
190:
157:Main article:
154:
151:
128:data integrity
85:
82:
76:
73:
71:
68:
46:Wi-Fi Alliance
15:
9:
6:
4:
3:
2:
3761:
3750:
3747:
3745:
3742:
3740:
3737:
3736:
3734:
3719:
3716:
3714:
3711:
3709:
3706:
3705:
3702:
3696:
3693:
3691:
3688:
3686:
3683:
3681:
3678:
3676:
3673:
3671:
3668:
3666:
3663:
3662:
3660:
3656:
3650:
3647:
3645:
3642:
3640:
3637:
3635:
3632:
3630:
3627:
3626:
3624:
3620:
3610:
3607:
3605:
3602:
3600:
3597:
3595:
3592:
3590:
3587:
3585:
3582:
3580:
3577:
3575:
3572:
3570:
3567:
3565:
3562:
3560:
3557:
3554:
3550:
3547:
3545:
3542:
3540:
3537:
3534:
3530:
3527:
3526:
3524:
3522:
3518:
3511:
3507:
3506:
3502:
3499:
3496:
3493:
3490:
3487:
3483:
3482:
3478:
3475:
3472:
3470:
3467:
3464:
3461:
3459:
3456:
3453:
3449:
3448:
3444:
3441:
3438:
3436:
3433:
3431:
3428:
3426:
3423:
3421:
3418:
3415:
3412:
3408:
3405:
3402:
3398:
3397:
3393:
3390:
3388:
3385:
3383:
3380:
3378:
3375:
3373:
3370:
3368:
3365:
3363:
3360:
3358:
3355:
3353:
3350:
3347:
3343:
3342:
3338:
3336:
3333:
3331:
3328:
3326:
3323:
3321:
3318:
3316:
3313:
3311:
3308:
3306:
3303:
3301:
3298:
3296:
3293:
3291:
3288:
3286:
3283:
3281:
3278:
3276:
3273:
3272:
3270:
3267:
3262:
3258:
3252:
3249:
3247:
3244:
3242:
3239:
3237:
3234:
3232:
3229:
3227:
3224:
3222:
3219:
3217:
3214:
3212:
3209:
3207:
3204:
3202:
3199:
3197:
3194:
3192:
3189:
3187:
3184:
3182:
3179:
3177:
3174:
3172:
3169:
3167:
3164:
3162:
3159:
3157:
3154:
3152:
3149:
3147:
3144:
3142:
3139:
3137:
3134:
3132:
3129:
3127:
3124:
3122:
3119:
3117:
3114:
3112:
3109:
3107:
3106:
3102:
3100:
3097:
3095:
3092:
3090:
3087:
3085:
3082:
3080:
3079:
3075:
3073:
3070:
3068:
3065:
3063:
3060:
3058:
3055:
3053:
3052:
3048:
3046:
3043:
3041:
3038:
3036:
3033:
3031:
3028:
3026:
3023:
3021:
3018:
3016:
3013:
3011:
3008:
3006:
3003:
3001:
2998:
2996:
2993:
2991:
2988:
2986:
2983:
2981:
2978:
2976:
2973:
2972:
2970:
2967:
2962:
2958:
2952:
2949:
2946:
2942:
2939:
2937:
2934:
2932:
2929:
2927:
2924:
2922:
2919:
2917:
2914:
2912:
2909:
2907:
2904:
2902:
2899:
2897:
2894:
2892:
2889:
2887:
2884:
2882:
2879:
2877:
2874:
2872:
2869:
2867:
2864:
2862:
2859:
2857:
2854:
2852:
2849:
2848:
2846:
2844:
2840:
2834:
2831:
2829:
2826:
2824:
2821:
2819:
2816:
2814:
2811:
2809:
2806:
2802:
2801:WiMAX · d · e
2799:
2798:
2797:
2794:
2792:
2789:
2787:
2784:
2782:
2779:
2777:
2774:
2772:
2769:
2767:
2764:
2762:
2759:
2757:
2754:
2752:
2749:
2747:
2744:
2743:
2741:
2739:
2735:
2732:
2730:
2726:
2720:
2717:
2715:
2712:
2710:
2707:
2705:
2702:
2700:
2697:
2695:
2692:
2690:
2687:
2685:
2682:
2680:
2677:
2675:
2672:
2670:
2667:
2665:
2662:
2660:
2657:
2655:
2652:
2650:
2647:
2645:
2642:
2640:
2637:
2635:
2632:
2630:
2627:
2625:
2622:
2620:
2617:
2615:
2612:
2610:
2607:
2605:
2602:
2600:
2597:
2595:
2592:
2590:
2587:
2585:
2582:
2580:
2577:
2575:
2572:
2570:
2567:
2565:
2562:
2560:
2557:
2555:
2552:
2550:
2547:
2545:
2542:
2540:
2537:
2535:
2532:
2530:
2527:
2525:
2522:
2520:
2517:
2515:
2512:
2510:
2507:
2505:
2502:
2500:
2497:
2495:
2492:
2490:
2487:
2485:
2482:
2480:
2477:
2475:
2472:
2470:
2467:
2465:
2462:
2460:
2457:
2453:
2450:
2449:
2448:
2445:
2443:
2440:
2438:
2435:
2433:
2430:
2429:
2427:
2423:
2419:
2412:
2407:
2405:
2400:
2398:
2393:
2392:
2389:
2383:
2379:
2376:
2373:
2371:
2368:
2366:
2363:
2361:
2357:
2351:
2347:
2346:
2342:
2337:
2330:
2326:
2324:0-7381-4074-0
2320:
2316:
2309:
2308:
2302:
2301:
2282:
2275:
2267:
2260:
2252:
2245:
2243:
2228:
2224:
2217:
2201:
2197:
2191:
2176:
2172:
2166:
2158:
2151:
2144:
2129:
2125:
2118:
2102:
2098:
2094:
2088:
2080:
2074:
2060:on 2016-03-16
2059:
2055:
2051:
2045:
2029:
2023:
2008:
2004:
1998:
1983:
1979:
1973:
1962:
1955:
1947:
1943:
1939:
1937:9781450330053
1933:
1929:
1925:
1921:
1914:
1907:
1899:
1893:
1889:
1885:
1881:
1874:
1857:
1851:
1834:
1828:
1820:
1816:
1812:
1810:9781450317672
1806:
1802:
1798:
1794:
1787:
1780:
1778:
1762:
1756:
1741:
1737:
1731:
1716:
1710:
1696:on 2014-03-22
1695:
1691:
1687:
1681:
1667:
1663:
1659:
1654:
1647:
1632:
1626:
1611:
1607:
1603:
1598:
1590:
1586:
1580:
1566:on 2010-08-19
1565:
1561:
1557:
1551:
1537:on 2011-07-26
1536:
1532:
1528:
1522:
1514:
1508:
1500:
1493:
1479:
1472:
1458:
1454:
1448:
1439:
1434:
1420:on 2010-03-04
1419:
1415:
1409:
1398:
1392:
1385:
1375:on 2008-09-14
1374:
1370:
1369:
1364:
1358:
1356:
1344:
1338:
1324:
1320:
1314:
1312:
1305:
1300:
1286:
1280:
1266:
1265:www.wi-fi.org
1262:
1256:
1242:
1241:www.wi-fi.org
1238:
1232:
1230:
1215:
1214:www.wi-fi.org
1211:
1205:
1197:
1191:
1183:
1176:
1174:
1172:
1163:
1156:
1148:
1141:
1133:
1126:
1118:
1111:
1097:
1093:
1087:
1073:
1067:
1063:
1059:
1055:
1048:
1041:
1027:
1020:
1013:
1005:
1001:
997:
991:
987:
983:
979:
975:
968:
961:. 2008-11-06.
960:
956:
950:
934:
930:
923:
915:
908:
900:
894:
890:
883:
875:
868:
854:
853:www.wi-fi.org
850:
844:
842:
827:on 2010-03-18
826:
822:
818:
812:
808:
800:
791:
782:
778:
776:
770:
760:
758:
754:
750:
745:
741:
737:
733:
723:
721:
711:
709:
705:
699:
696:
693:key (work by
692:
688:
678:
674:
670:
668:
664:
654:
650:
648:
644:
638:
636:
633:to AES-based
632:
628:
624:
620:
616:
612:
608:
604:
600:
596:
586:
584:
580:
570:
568:
565:attacks (see
562:
560:
555:
553:
549:
545:
538:Weak password
530:
528:
524:
520:
515:
508:
505:
502:
499:
496:
493:
490:
487:
484:
481:
478:
475:
472:
469:
468:
467:
464:
462:
458:
454:
441:
437:
433:
429:
425:
421:
417:
414:
410:
406:
403:
400:
396:
393:
390:
389:
383:
381:
377:
372:
362:
360:
356:
352:
348:
344:
341:
337:
333:
329:
325:
321:
317:
302:
293:
290:
288:
278:
276:
271:
269:
265:
261:
257:
253:
248:
246:
242:
238:
234:
230:
226:
222:
218:
213:
204:
197:
194:
191:
188:
187:
186:
183:
181:
177:
172:
170:
166:
160:
150:
148:
144:
139:
138:
133:
129:
125:
121:
116:
114:
109:
107:
103:
99:
95:
91:
81:
67:
64:
61:
59:
53:
51:
47:
43:
39:
35:
31:
27:
23:
19:
3707:
3503:
3479:
3445:
3394:
3339:
3103:
3076:
3049:
2343:
2329:the original
2306:
2284:. Retrieved
2274:
2265:
2259:
2250:
2230:. Retrieved
2226:
2216:
2204:. Retrieved
2199:
2190:
2178:. Retrieved
2174:
2165:
2156:
2143:
2131:. Retrieved
2127:
2117:
2105:. Retrieved
2101:the original
2096:
2087:
2073:
2062:. Retrieved
2058:the original
2044:
2032:. Retrieved
2022:
2010:. Retrieved
2006:
1997:
1985:. Retrieved
1981:
1972:
1954:
1919:
1906:
1879:
1873:
1862:. Retrieved
1850:
1839:. Retrieved
1827:
1792:
1765:. Retrieved
1755:
1744:. Retrieved
1742:. 2014-03-20
1739:
1730:
1719:. Retrieved
1709:
1698:. Retrieved
1694:the original
1689:
1680:
1669:. Retrieved
1658:ScienceDaily
1657:
1646:
1635:. Retrieved
1625:
1613:. Retrieved
1609:
1597:
1588:
1579:
1568:. Retrieved
1564:the original
1559:
1550:
1539:. Retrieved
1535:the original
1530:
1521:
1507:
1498:
1492:
1481:. Retrieved
1471:
1460:. Retrieved
1457:SA Main Site
1456:
1447:
1437:
1433:
1422:. Retrieved
1418:the original
1408:
1391:
1383:
1377:. Retrieved
1373:the original
1366:
1337:
1326:. Retrieved
1322:
1299:
1288:. Retrieved
1279:
1268:. Retrieved
1264:
1255:
1244:. Retrieved
1240:
1217:. Retrieved
1213:
1204:
1190:
1161:
1155:
1146:
1140:
1131:
1125:
1116:
1110:
1099:. Retrieved
1086:
1075:. Retrieved
1053:
1040:
1029:. Retrieved
1012:
977:
967:
959:Ars Technica
958:
949:
937:. Retrieved
932:
922:
913:
907:
888:
882:
873:
867:
856:. Retrieved
852:
829:. Retrieved
825:the original
811:
797:
788:
779:
772:
763:KRACK attack
736:access point
729:
717:
700:
684:
675:
671:
660:
651:
639:
627:Access Point
599:port scanner
592:
576:
563:
556:
541:
516:
512:
509:(April 2009)
503:(April 2009)
497:(April 2005)
465:
450:
435:
431:
368:
315:
313:
310:WPA-Personal
299:
291:
284:
275:IEEE 802.11w
272:
260:IEEE 802.11s
249:
214:
210:
201:
184:
173:
162:
142:
135:
117:
110:
94:IEEE 802.11i
87:
78:
65:
62:
60:) standard.
54:
41:
37:
33:
29:
25:
21:
20:
18:
3749:IEEE 802.11
3280:legacy mode
1982:Kb.cert.org
1610:Aradial.com
939:26 February
794:FragAttacks
785:Dragonblood
334:of 8 to 63
328:hexadecimal
3733:Categories
3658:Superseded
2729:802 series
2286:2024-01-01
2232:2018-02-06
2206:16 October
2180:16 October
2159:: 673–688.
2133:16 October
2128:Defcon.org
2107:16 October
2064:2012-08-03
2034:31 January
2012:31 January
1987:16 October
1864:2010-11-15
1841:2010-11-15
1767:2014-05-16
1746:2014-05-16
1721:2014-04-30
1700:2014-04-30
1671:2014-04-30
1637:2019-01-02
1615:16 October
1570:2011-01-20
1541:2011-03-12
1483:2011-12-24
1462:2022-02-06
1424:2010-03-01
1379:2008-08-15
1328:2018-06-26
1290:2018-06-27
1270:2018-06-26
1246:2020-06-20
1219:2020-06-20
1101:2013-02-28
1077:2019-12-11
1031:2010-05-15
858:2018-01-09
831:2010-01-10
803:References
611:JavaScript
527:FreeRADIUS
332:passphrase
3533:Bluetooth
2348:is being
2007:wi-fi.org
935:: 423–432
415:Protocol)
3708:See also
3665:754-1985
3622:Proposed
2966:Ethernet
2452:Revision
2378:Archived
2341:template
1740:Phys.org
744:MediaTek
687:MS-CHAPv
603:WPA-TKIP
595:WPA-TKIP
507:EAP-FAST
491:PEAP-TLS
477:EAP-TTLS
436:AES-CCMP
409:CTR mode
241:CCM mode
233:CCMP-128
221:GCM mode
147:spoofing
70:Versions
3649:P1906.1
3510:Wi-Fi 8
3486:Wi-Fi 7
3452:Wi-Fi 6
3401:Wi-Fi 5
3346:Wi-Fi 4
2425:Current
2227:PCWorld
1946:3619463
1819:7639081
753:OpenWrt
749:Hostapd
714:Hole196
704:Android
623:802.11e
501:EAP-AKA
495:EAP-SIM
471:EAP-TLS
413:CBC-MAC
349:as the
316:WPA-PSK
237:AES-128
225:SHA-384
217:AES-256
143:Michael
52:(WEP).
36:), and
3553:Zigbee
3521:802.15
3261:802.11
2499:1149.1
2360:Curlie
2354:
2345:Curlie
2321:
1944:
1934:
1894:
1817:
1807:
1068:
1002:
992:
895:
376:RADIUS
371:802.1X
340:PBKDF2
3644:P1823
3639:P1699
3634:P1619
3629:P1363
3411:WiGig
3275:-1997
3266:Wi-Fi
2975:-1983
2961:802.3
2843:802.1
2719:42010
2714:29148
2709:16326
2704:16085
2699:14764
2694:12207
2689:11073
2356:Wi-Fi
2339:‹The
2332:(PDF)
2311:(PDF)
2153:(PDF)
1964:(PDF)
1942:S2CID
1916:(PDF)
1859:(PDF)
1836:(PDF)
1815:S2CID
1789:(PDF)
1400:(PDF)
1346:(PDF)
1323:Wired
1050:(PDF)
1022:(PDF)
1004:66466
1000:S2CID
775:KRACK
769:KRACK
411:with
223:with
167:, an
3695:1471
3690:1364
3685:1362
3680:1233
3675:1219
2945:LACP
2684:2050
2679:2030
2674:1905
2669:1904
2664:1902
2659:1901
2654:1900
2649:1855
2644:1850
2639:1849
2634:1815
2629:1801
2624:1800
2619:1733
2614:1722
2609:1685
2604:1675
2599:1667
2594:1666
2589:1619
2584:1613
2579:1603
2574:1596
2569:1588
2564:1584
2559:1547
2554:1541
2549:1516
2544:1497
2539:1451
2534:1394
2529:1355
2524:1284
2519:1278
2514:1275
2509:1164
2504:1154
2494:1076
2489:1016
2484:1014
2479:1003
2319:ISBN
2208:2017
2182:2017
2135:2017
2109:2017
2036:2024
2014:2024
1989:2017
1932:ISBN
1892:ISBN
1805:ISBN
1617:2017
1066:ISBN
1026:NIST
990:ISBN
941:2017
893:ISBN
757:LEDE
740:Asus
708:MiTM
635:CCMP
631:TKIP
521:and
483:PEAP
434:and
405:CCMP
397:The
392:TKIP
359:SHA1
355:HMAC
351:salt
347:SSID
245:TKIP
229:HMAC
207:WPA3
180:CCMP
165:CCMP
153:WPA2
137:TKIP
42:WPA3
34:WPA2
3670:830
3594:.4z
3589:.4g
3584:.4f
3579:.4e
3574:.4d
3569:.4c
3564:.4b
3559:.4a
2886:Qbb
2881:Qaz
2876:Qay
2871:Qat
2866:Qav
2833:.24
2828:.22
2823:.21
2818:.20
2813:.18
2808:.17
2796:.16
2791:.14
2786:.12
2781:.10
2738:802
2474:896
2469:829
2464:828
2459:854
2447:754
2442:730
2437:693
2432:488
2358:at
1924:doi
1884:doi
1797:doi
1662:doi
1058:doi
982:doi
755:or
691:DES
667:PIN
615:ARP
569:).
432:AES
428:RC4
399:RC4
324:key
287:WEP
239:in
227:as
219:in
176:AES
169:AES
100:on
90:WEP
84:WPA
75:WEP
28:),
26:WPA
3735::
3609:.7
3604:.6
3599:.5
3549:.4
3544:.3
3539:.2
3529:.1
3505:bn
3500:bk
3497:bi
3494:bh
3491:bf
3481:be
3476:bd
3473:bc
3469:bb
3465:ba
3462:az
3458:ay
3447:ax
3442:aq
3439:ak
3435:aj
3430:ai
3425:ah
3420:af
3416:ae
3407:ad
3396:ac
3391:aa
3251:df
3246:de
3241:dd
3236:db
3231:da
3226:cz
3221:cy
3216:cx
3211:cw
3206:cv
3201:cu
3196:ct
3191:cs
3186:cr
3181:cq
3176:cp
3171:cn
3166:cm
3161:ck
3156:ch
3151:cg
3146:ce
3141:cd
3136:cc
3131:cb
3126:ca
3121:bz
3116:by
3111:bu
3105:bt
3099:ba
3094:az
3089:av
3084:au
3078:at
3072:aq
3067:an
3062:ak
3057:ah
3051:af
3045:ae
3040:ad
3035:ac
3030:ab
2951:BA
2941:AX
2936:AS
2931:aq
2926:ak
2921:ah
2916:ag
2911:AE
2906:ad
2901:AB
2776:.9
2771:.8
2766:.7
2761:.6
2756:.5
2751:.4
2746:.2
2352:.›
2313:.
2241:^
2225:.
2198:.
2173:.
2155:.
2126:.
2095:.
2052:.
2005:.
1980:.
1940:.
1930:.
1918:.
1890:.
1813:.
1803:.
1791:.
1776:^
1738:.
1688:.
1660:.
1656:.
1608:.
1604:.
1587:.
1558:.
1529:.
1455:.
1382:.
1365:.
1354:^
1321:.
1310:^
1263:.
1239:.
1228:^
1212:.
1170:^
1094:.
1064:.
1052:.
1024:.
998:.
988:.
976:.
957:.
931:.
851:.
840:^
819:.
669:.
637:.
455:-
149:.
3555:)
3551:(
3535:)
3531:(
3512:)
3508:(
3488:)
3484:(
3454:)
3450:(
3413:)
3409:(
3403:)
3399:(
3387:z
3382:y
3377:w
3372:v
3367:u
3362:s
3357:r
3352:p
3348:)
3344:(
3341:n
3335:k
3330:j
3325:i
3320:h
3315:g
3310:f
3305:e
3300:d
3295:c
3290:b
3285:a
3268:)
3264:(
3025:z
3020:y
3015:x
3010:u
3005:j
3000:i
2995:e
2990:d
2985:b
2980:a
2968:)
2964:(
2947:)
2943:(
2896:X
2891:w
2861:Q
2856:p
2851:D
2410:e
2403:t
2396:v
2289:.
2235:.
2210:.
2184:.
2137:.
2111:.
2067:.
2038:.
2016:.
1991:.
1966:.
1948:.
1926::
1900:.
1886::
1867:.
1844:.
1821:.
1799::
1770:.
1749:.
1724:.
1703:.
1674:.
1664::
1640:.
1619:.
1591:.
1573:.
1544:.
1515:.
1486:.
1465:.
1427:.
1331:.
1293:.
1273:.
1249:.
1222:.
1104:.
1080:.
1060::
1034:.
1006:.
984::
943:.
901:.
861:.
834:.
407:(
357:-
318:(
235:(
40:(
32:(
24:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.