What’s the Difference Between WPA2 and WPA3?
To really understand the difference we need a little history, since Wi-Fi security has a long past.
Once upon a time....
The original Wired Equivalent Privacy (WEP) for 802.11 wireless networks was implemented with 802.11a and 802.11b. It used the RC4 stream cipher for encryption and a CRC-32 checksum for integrity. WEP came in 64-bit and 128-bit versions. Unfortunately, it was cracked with ease and is, in fact, garbage!
The Wi-Fi Alliance addressed WEP by moving to Wi-Fi Protected Access (WPA). WPA2 has been in common use, and improved, since 2004. Most systems still ship with WEP for backward compatibility, but WPA2 is the recommended platform all around the world, especially in the DACH region and Europe.
WPA2 uses the Advanced Encryption Standard (AES) to provide better security, along with new handshake protocols. WPA2 has come under attack too, for example the PMKID attack with Hashcat and the KRACK attack. WPA2 makes it a little harder for crackers to gain access, but it was never an ultimate security solution.
WPA3 was released in June 2018. Like WPA2, it has WPA3-Personal and WPA3-Enterprise versions. WPA3 forces you to use Protected Management Frames (PMF), whereas PMF was a late addition and optional in WPA2. The 128-bit AES encryption employed by WPA2 is still used in WPA3, but the enterprise version requires 192-bit AES support; it is optional for the personal edition.
WPA3 uses Simultaneous Authentication of Equals (SAE) to replace WPA2's Pre-Shared Key (PSK) exchange protocol. SAE is a more secure protocol for handling the initial key exchange, which is what the KRACK method exploited. SAE, also known as the Dragonfly key exchange, provides forward secrecy and is resistant to offline dictionary attacks.
In this post we will look at a WPA3-SAE Transition Mode implementation. The requirements for transition mode are:
• When WPA2-PSK and WPA3-SAE are configured on the same BSS (mixed mode), the AP should reject an association for SAE if PMF is not negotiated for that association
• A WPA3-SAE STA should negotiate PMF when associating to an AP using WPA3-SAE Transition Mode
• When WPA2-PSK and WPA3-SAE are configured on the same BSS (mixed mode), PMF should be set to capable (MFPC bit should be set to 1, and MFPR bit should be set to 0 in the RSN Capabilities field in the RSNE transmitted by the AP)
In transition mode both WPA3-SAE capable clients and WPA2-PSK capable clients can connect to the same SSID. So in this mode, WPA2-PSK clients' traffic can be decrypted if the password is compromised, whereas WPA3-SAE clients' traffic cannot be decrypted even when the password is compromised.
Here you can see the SSID security configuration that enables both WPA2 and WPA3. Note that PMF is set to optional, as WPA2-PSK clients may not support it.
Let's jump into some packet captures for better illustration!
Also note that the AP advertises that it is PMF Capable, but sets PMF Required to False in the RSN Capabilities field.
We used a NetAlly AirCheck G2 (6c:0b:84:c2:4e:99) and a Google Pixel 3 phone (5e:a7:ec:a8:33:ab) for testing. You can filter the Pixel 3 phone's traffic, excluding control frames, with the Wireshark display filter below.
wlan.addr==5e:a7:ec:a8:33:ab && not wlan.fc.type==1
As you can see, the Pixel 3 goes through WPA3-SAE (4 authentication frames, Association Request/Response, 4-way handshake).
If you look at the Association Request frame (#156) details, you will see that the AKM is SAE and that both the PMF Required and PMF Capable bits are set to 1.
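To make the transition-mode requirements and the RSN Capabilities bits concrete, here is an added Python example (not from the original post or any vendor's code) that parses an RSNE, reads the MFPC/MFPR bits and the AKM list, and applies the mixed-mode admission rule from the requirements above. The RSNE byte strings are constructed to mirror the AP and Pixel 3 behaviour described in the post, not copied from the capture.

```python
import struct

OUI = b"\x00\x0f\xac"                 # IEEE 802.11 suite selector OUI
AKM_PSK, AKM_SAE = 2, 8               # AKM suite types: 00-0F-AC:2 = PSK, 00-0F-AC:8 = SAE
MFPR_BIT, MFPC_BIT = 1 << 6, 1 << 7   # RSN Capabilities: bit 6 = PMF Required, bit 7 = PMF Capable

# Constructed RSNE as a transition-mode AP would advertise it (not taken from the capture):
# AKM list = PSK + SAE, RSN Capabilities = 0x0080 (MFPC=1, MFPR=0).
AP_RSNE_HEX = "3018 0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000"

def parse_rsne(ie: bytes) -> dict:
    """Parse an RSN element (ID 48): version, ciphers, AKM list and the two PMF bits."""
    if len(ie) < 4 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a well-formed RSNE")
    body, off = ie[2:], 0
    version = struct.unpack_from("<H", body, off)[0]; off += 2
    group = body[off + 3]; off += 4                      # suite type byte follows the OUI
    n = struct.unpack_from("<H", body, off)[0]; off += 2
    pairwise = [body[off + 4 * i + 3] for i in range(n)]; off += 4 * n
    n = struct.unpack_from("<H", body, off)[0]; off += 2
    akms = [body[off + 4 * i + 3] for i in range(n)]; off += 4 * n
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"version": version, "group": group, "pairwise": pairwise, "akms": akms,
            "mfpc": bool(caps & MFPC_BIT), "mfpr": bool(caps & MFPR_BIT)}

def build_rsne(akms, mfpc: bool, mfpr: bool) -> bytes:
    """Build a CCMP-128 RSNE with the given AKM list and PMF bits (as a STA would send it)."""
    caps = (MFPC_BIT if mfpc else 0) | (MFPR_BIT if mfpr else 0)
    body = struct.pack("<H", 1) + OUI + bytes([4])            # version 1, group cipher CCMP-128
    body += struct.pack("<H", 1) + OUI + bytes([4])           # one pairwise suite, CCMP-128
    body += struct.pack("<H", len(akms)) + b"".join(OUI + bytes([a]) for a in akms)
    body += struct.pack("<H", caps)
    return bytes([48, len(body)]) + body

def ap_accepts_association(ap: dict, sta: dict) -> tuple:
    """Transition-mode admission rule; returns (accepted, reason, pmf_negotiated)."""
    mixed_mode = AKM_PSK in ap["akms"] and AKM_SAE in ap["akms"]
    if len(sta["akms"]) != 1 or sta["akms"][0] not in ap["akms"]:
        return False, "STA selected an AKM the AP does not offer", False
    if ap["mfpr"] and not sta["mfpc"]:
        return False, "AP requires PMF but STA is not PMF capable", False
    pmf = ap["mfpc"] and sta["mfpc"]                          # PMF is used only if both sides are capable
    if mixed_mode and sta["akms"][0] == AKM_SAE and not pmf:
        return False, "SAE association in mixed mode without PMF is rejected", False
    return True, "accepted", pmf

if __name__ == "__main__":
    ap = parse_rsne(bytes.fromhex(AP_RSNE_HEX))
    pixel = parse_rsne(build_rsne([AKM_SAE], mfpc=True, mfpr=True))   # like the Pixel 3 above
    print(ap, ap_accepts_association(ap, pixel))
```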