What is wpa2 wifi security

What is a WPA2 and how does it work?

Wi-Fi Protected Access II (WPA2) is an encryption standard used to secure the majority of Wi-Fi networks. Despite being commonly referred to as WPA2, the standard is officially known as IEEE 802.11i-2014.

What is WPA2?

WPA2 was first released in 2004. It built on the previous WPA standard to increase data protection and network access control for Wi-Fi networks. When enabled, WPA2 makes it much safer to connect to Wi-Fi because it provides unique encryption keys for each wireless device.

WPA3 may become the new mandatory standard in the future.

WPA2 has been mandatory for all Wi-Fi Alliance certified products since 2006. As a result, officially certified routers and devices have supported WPA2 for over 15 years. This makes WPA2 fairly old, which is why an updated version of the standard, known as WPA3, was ratified in January 2019.

WPA3 implements several security improvements over WPA2 and is now mandatory to gain official Wi-Fi Alliance certification. However, WPA2 is still the primary form of protection on Wi-Fi networks for the time being.

Check out our guide to WPA3 WiFi standard for more information about it.

What is the difference between WPA and WPA2?

The first thing to note is that WPA already contained some important security features found in IEEE 802.11i (WPA2). For example, WPA dynamically generates a new 128-bit key for each packet using the Temporal Key Integrity Protocol (TKIP). This is a vast improvement over the security available in the Wired Equivalent Privacy (WEP) security algorithm that preceded it.

WPA also implements a message integrity check using a Message Authentication Code (MAC). This is designed to prevent an attacker altering, spoofing, or resending data packets.

The crucial difference between these two standards is that WPA2 uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is AES-based encryption (rather than TKIP). AES is a military-grade cipher that results in security being much more robust.

Are all Wi-Fi networks protected with WPA2 or later?

No. Although routers nowadays support WPA2, it is up to the Wi-Fi hotspot administrator to ensure that the encryption is enabled.

When a local network administrator sets up a router, they get a few different security options. If the admin opts to leave the router unsecured, this could leave users who connect to it vulnerable to cyberattacks. As a result, it is impossible to connect to public Wi-Fi confidently without the use of a VPN.

Читайте также:  Grundig телевизор есть ли вай фай

In 2023, the security options available to network administrators setting up a Wi-Fi network are as follows (descending from most secure to least secure):

  • WPA3
  • WPA2 Enterprise
  • WPA2 Personal
  • WPA + AES
  • WPA + TKIP
  • WEP
  • Open Network (no security implemented)

What weaknesses does WPA2 have?

Even when WPA2 is implemented and a password is required to join a Wi-Fi network, it still harbors some potential vulnerabilities.

Passwords can potentially be cracked due to key management vulnerabilities present in the 4-way handshake. In addition to password decryption, this can result in packet replay, TCP connection hijacking, and HTTP content injection. Passwords are also potentially vulnerable to a dictionary attack.

In addition, once any user has access to a WPA2 protected Wi-Fi network, it is possible that they might attack other devices connected to the network. This is why we recommend that you always use a VPN for public Wi-Fi networks.

The KRACK vulnerability can also be exploited to intercept unprotected data passing over the network, which is another reason why it is always recommended for consumers to use a VPN.

Источник

Is a WPA/WPA2 Wi-Fi network secure?

We are going to analyze if Wi-Fi Protected Access version two WPA2 is secure, (WPA) security and Wi-Fi network protection are subjects of concern among network users and administrators, and is often said that WPA can be cracked. Though it is widely accepted that the old Wired Equivalent Privacy (WEP) standard is, in fact, insecure and should be avoided due to its high system vulnerability, not everyone knows how secure a WPA/WPA 2 password can be.

How long does a WPA or WPA2 network password have to be to be secure?

In short, it can be affirmed that a 12-character Wi-Fi network password cannot be decipher using today’s computing capabilities, since the time required to crack the password grows exponentially.

Complexity of cracking a Wi-Fi network password

The following chart shows the complexity of a WPA/WPA 2 Wi-Fi network password and the time required by a hacker to break it.

Character Types Key Length Time required to try all possible combinations Graphics Card Time necessary to compute all possible combinations FPGA
Lower case only / Upper case only (26 possibilities) 8 7 days 1 day, 8 hours
Lower case only / Upper case and numbers only
(36 possibilities)
8 93 days 18 days
Lower and upper case (52 possibilities) 8 4 years, 300 days 353 days
Upper case, lower case, and numbers (62 possibilities) 8 474 years 4 years
Lower case only / Upper case only (26 possibilities) 12 8645 years 1,730 years
Lower case only / Upper case and numbers only (36 possibilities) 12 430,000 years 85,858 years
Upper and lower case (52 possibilities) 12 35 million years 7,083,000 years
Upper case, lower case, and numbers (62 possibilities) 12 292 million years 58,460,000 years
Lower case only / Upper case only (26 possibilities) 16 Infinite Infinite
Lower case only / Upper case and numbers only (36 possibilities) 16 Infinite Infinite
Upper and lower case (52 possibilities) 16 Infinite Infinite
Upper case, lower case, and numbers (62 possibilities) 16 Infinite Infinite
Читайте также:  Android can connect to wifi but no internet

A WPA Wi-Fi network hash is the result of performing several mathematical calculations with a Wi-Fi password, and it can be used by a cracking process to check a password’s validity. To keep it simple, we can affirm that a hash is the same as a Wi-Fi network password. A powerful home graphics card (>€400) can process up to 350,000 WPA/WPA 2 hashes per second, that is to say, it can check the validity of 350,000 passwords in just one second. Commercial Pico FPGA hardware (>€1,000) offers a much powerful performance, being capable of processing 1,750,000 hashes per second. If the Wi-Fi network password is long enough, and it is not based on a dictionary (a predictable word or phrase), it will not be possible to crack it in a short period of time.

Wi-Fi Network Technical Aspects

  • WPS (Wireless Protected Setup) PIN: Home-user Wi-Fi routers normally include WPS functionality for easier password exchange between an access point and a user, without the need for a Wi-Fi network password. This process can be abused by tools like Reaver or wpscrack, allowing the Wi-Fi network password be discovered, no matter how long or complex it could be. First, it is recommended to disable WPS, if supported.
  • Wi-Fi Network Name: WPA or WPA2 encryption algorithm uses the Wi-Fi network name to generate the cryptographic key. In order to prevent cracking attacks by the use of rainbow tables, common or predictable network names should be avoided, such as ‘WLAN_66’, and new unrelated names should be used instead, such as WLAN-YTQZFJ.
  • TKIP or AES CCMP: According to the 802.11 standard, WPA uses a signing algorithm called TKIP, and WPA2 uses the AES CCMP algorithm that is much more powerful and eliminates security breaches such as ‘Beck-Tews’ or ‘Ohigashi-Morii’ attacks. If possible, it is recommended to remove TKIP support, although these attacks are not frequent nowadays.
  • Published Networks: Most devices (phones, PC’s, laptops, etc.) constantly refresh their list of wireless networks available within their reach by sending a Wi-Fi packet known as Probe Request frame. If a user configures a Wi-Fi network incorrectly, and the created password is the same as the network name, anyone using a Wi-Fi scanner will be able to see the network password requested by the user’s device.
  • Administrator Passwords: ADSL routers or cable routers are often the access points for most home Wi-Fi networks. These devices’ default administrator user name and password combinations normally are, ‘admin/admin’, ‘1234/1234’, ‘support/support’, etc., and can be accessed from a web browser using HTTP protocol. Default administrator password has to be changed and access to router administrator panel from other networks, such the Internet, has to be restricted to prevent users from obtaining the Wi-Fi network password from the Internet thanks to a Wi-Fi router configuration bug.
Читайте также:  Нет подключения контроль wi fi

wpa2 secure

Wi-Fi WPA Security Operative Considerations, is WPA2 secure ?

Based on the way we use our Wi-Fi network, there are certain security considerations to keep in mind:

  • Former Personnel: For small to medium size companies, WPA is not recommended due to the inconvenient of changing the network password every time an employee leaves the company. If the password is re-used by several users, or integrated to devices like TPV’s, changing the network password to prevent former employees from accessing the network can be complex. This is why, for these types of environments, the use of Enterprise mechanisms with RADIUS-based authentication is recommended.
  • Communications Interception: If a user intercepts the user authentication process with a Wi-Fi sniffer called 4 way handshake and cracks the Wi-Fi network password, or rather knows the password, he or she could decrypt the traffic of any other user connected to the Wi-Fi network. This is why WPA or WPA2 should be used only in home networks, where normally no network user would attempt to spy on other users’ traffic.

Wi-Fi Security Best Practices:

Below are some additional Wi-Fi security recommendations for keeping a Wi-Fi network secure.

  • Change password periodically: Both home and corporate Wi-Fi WPA passwords should be changed from time to time. 12-character passwords should be changed every 6 months.
  • Disable TKIP: The use of TKIP is not recommended and should be disabled. If TKIP must be used, make sure to use secure passwords of at least 12 characters.
  • Analyze surrounding networks: Use either Acrylic WiFi Free or Acrylic Professional to analyze your surrounding wireless networks and their security settings.
  • Measure signal strength: To improve Wi-Fi coverage and prevent wireless signal to propagate outside the intended coverage area, you can use site survey software such as Acrylic WiFi Heatmaps to measure wireless network coverage. This way, you can adjust your access point settings to avoid signal propagation beyond the intended coverage area, and improve Wi-Fi network performance by selecting an optimal position for the your AP.

Has knowing how WPA security works been useful to you? Please, leave us a comment. We also recommend you to check out our technical article on how secure a hidden Wi-Fi network can be.

Learn if WPA2 is secure enough.

Источник

Оцените статью
Adblock
detector