First Wifi products are now coming to the market that support WPA-3 personal mode authentication and ciphering key exchange so I thought it would be a good idea to have a closer look at how it works and why an update was necessary.
To answer the last question first: WPA-2 PSK (Pre-Shared Key) uses the Wifi password as basis for all authentication and encryption exchanges between Wifi access point and clients. Many networks only use short and thus very weak passwords, and brute forcing them offline without interaction with the network has become quite feasible with current generation computing hardware. WPA-3 tries to address this issue with a new authentication scheme referred to as ‘Simultaneous Authentication of Equals’ (SAE). It is based on Diffie Hellman Elliptic Curve Public/Private keypair generation algorithms that are also used for generating ciphering keys for secure HTTPS connections today.
The mathematical details of the process can be found in RFC 7664 and a good higher level description can be found here. Still, it took me quite a few hours to understand the principles, so I though I’d assemble a less mathematically focused description on the basics of WPA-3 SAE and how it is used in practice:
Continue reading What Is Wifi WPA-3 Personal Mode Authentication?