Wireless Encryption

Question 1

Wi-Fi Open

Answer 1

No security

Question 2

WEP

Answer 2

Wired Equivalent Privacy

Initialization Vector - very weak - 128 bit key

Question 3

WPA

Answer 3

Wi-Fi Protected Access

Replaced WEP

TKIP and RC4 - Better than WEP but still flawed

Question 4

WPA2

Answer 4

Wi-Fi Protected Access 2

CCMP and AES 128-bit key or higher

Can use pre-shared key or RADIUS server

Question 5

WPS

Answer 5

Wi-Fi Protected Setup

Automated wi-fi setup. VERY BAD - needs to be disabled

Question 6

WPA3

Answer 6

Wi-Fi Protected Access 3

Enterprise Mode - AES-256 and SHA384-hash (integrity)
Personal Mode - CCMP-128 (AES-128 inside CCMP)

If supported, use this. Pre-shared keys removed entirely. Uses Simultaneous Authentication of Equals (SAE) and Perfect Forward Secrecy (PFS)

Question 7

Perfect Forward Secrecy

Answer 7

1. Access point (AP) and client generate a long term pair of keys
2. AP and client exchange a one-time use session key using Diffie-Hellman
3. AP and client encrypt sent messages using session key
4. Client decrypts message using key
5. Repeat process starting at step 2