Wi-Fi Protected Access is a Wi-Fi protocol that has better security mechanisms than protocols such as WEP by means of handling user authentication and keys more securely. WPA has been further improved by versions such as WPA2 and WPA3
Key Terms
- SSID: The network “name” that you see when you try and connect
- ESSID: An SSID that may apply to multiple access points, eg a company office, normally forming a bigger network. For Aircrack they normally refer to the network you’re attacking.
- BSSID: An access point MAC (hardware) address
- WPA2-PSK: Wifi networks that you connect to by providing a pre-shared password that’s the same for everyone
- WPA2-EAP: Wifi networks that you authenticate to by providing a username and password, which is sent to a RADIUS server.
- RADIUS: A server for authenticating clients, not just for wifi.
The core of WPA(2) authentication is the 4 way handshake.
Most home WiFi networks, and many others, use WPA(2) personal. If you have to log in with a password and it’s not WEP, then it’s WPA(2) personal. WPA2-EAP uses RADIUS servers to authenticate, so if you have to enter a username and password in order to connect then it’s probably that.
Previously, the WEP (Wired Equivalent Privacy) standard was used. This was shown to be insecure and can be broken by capturing enough packets to guess the key via statistical methods.
The 4 way handshake allows the client and the AP to both prove that they know the key, without telling each other. WPA and WPA2 use practically the same authentication method, so the attacks on both are the same.
The keys for WPA are derived from both the ESSID and the password for the network. The ESSID acts as a salt, making dictionary attacks more difficult. It means that for a given password, the key will still vary for each access point. This means that unless you precompute the dictionary for just that access point/MAC address, you will need to try passwords until you find the correct one.