Router Security WiFi Encryption Website by     
Michael Horowitz 
Home Site Index Bugs News Security Checklist Tests DNS Resources Stats Search Popular Pages
Also see my Defensive Computing Checklist website
 
Table of Contents
WPA3 WEP, WPA and WPA2 
WPA2 Enterprise Wi-Fi Passwords

Level Setting: All these types of encryption (WEP, WPA, WPA2, WPA3 and WPA Enterprise) apply only between a wireless device (computer, phone, tablet, IoT) and the router. Once data leaves the router and goes out on the Internet, none of this applies. If the data is a secure (HTTPS) web page, then it is encrypted twice in your home/office, once by the router (with WPA2 probably) and also by the website. When the encrypted web page is traversing the Internet, it is encrypted only once. If a wireless device in your home/office is using a VPN, then the data traveling between that device and the router is, again, double encrypted, once by the router (WPA2 probably) and once by the VPN. And yes, if the data in the VPN tunnel is a secure (HTTPS) web page, then it is triple encrypted while traveling over the air in your home/office.

WPA3

Section updates: First added Aug. 3, 2018, Updated Nov. 3, 2018 | April 11, 2019 | May 18, 2021

May 18, 2021: In a nutshell: WPA3 is more secure that WPA2, but not in any meaningful way. So, don't upgrade your router just to get WPA3.

Improvement 1: With WPA2 it is possible for bad guys to listen to the over-the-air conversation when a device first joins a Wi-Fi network. The encrypted password is in that conversation and bad guys can save a copy of the conversation and guess a billion passwords a second. The official terminology for this is off-line brute force guessing. WPA3 makes it impossible to perform off-line brute force guessing. But, if the WPA2 Wi-Fi password is long enough, brute force guessing might take years, if not decades, to stumble across the password. How long is long enough? This changes over time but my best guess is 15 characters long.

Improvement 2: WPA3 adds Perfect Forward Secrecy (PFS or FS). To illustrate what this means, assume that bad guys captured all your Wi-Fi transmissions on Monday and learned your password on Tuesday. Without Perfect Forward Secrecy they could read the saved transmissions from Monday. With it, they can not. Here again, a sufficiently long WPA2 password offers protection from brute force attacks. However, if someone gives out the Wi-Fi password, then Forward Secrecy is nice to have, assuming you are important enough for bad guys to hang out near your home and record all the Wi-Fi traffic.

Improvement 3: WPA3 has a more secure alternative to WPS. But, the millions of existing devices that depend on WPS are not going to vanish in an instant. So, WPS still needs to be supported. And, many routers that only offer WPA2 do let you disable WPS. Better yet, some WPA2 routers do not even support WPS at all. The WPS replacement is called Wi-Fi Easy Connect and, like WPS, it is meant for wireless devices that have no screen or keyboard (typically IoT). As with everything nowadays, it depends on a smartphone. You scan a QR code on the router, then scan a QR code on the IoT device and it's on your network. I don't know how it works when the router is creating multiple Wi-Fi networks. I would not trust this for quite a while. New software protocols from the Wi-Fi Alliance are best avoided. Their history is one of very poor design. WPA3 itself, is their fourth crack at over-the-air encryption. Easy Connect may turn out to be very secure, but to me, the jury will be out for a couple years.

Improvement 4: Encryption without a password. This feature is called Wi-Fi Enhanced Open and it adds over-the-air encryption to networks that do not require a password. But there are so few "open" networks (no password needed), that I don't see this as a big deal.

- - - - -

April 11, 2019: The Wi-Fi Alliance, which sets Wi-Fi standards, has a history of screwing up. The organization is an industry disgrace. And, it seems that with the WPA3 standard, they are maintaining their miserable reputation. When some qualified techies (Mathy Vanhoef and Eyal Ronen) finally got to evaluate WPA3, they found lots of design flaws. To be clear, these are not coding flaws, they are poor design. Depending on how you count there are at least five design mistakes.

Their website documenting the flaws is Dragonblood. See also

  1. Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security by Shaun Nichols of The Register April 11, 2019
  2. Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords by Dan Goodin of Ars Technica April 11, 2019
  3. Their research paper Dragonblood: A Security Analysis of WPA3’s SAE Handshake

- - - - -

As of July 2018, it is too early to talk about WPA version 3 (WPA3) with any authority. No one has yet kicked the tires on the protocol and it is not clear when devices will even support it. Anything that supports WPA3 should also support WPA2, so there won't be a big bang conversion.

The biggest flaw with WPA2, is that bad guys can make off-line brute force guesses of the Wi-Fi password. Billions and billions of guesses every second. WPA3 should eliminate this flaw. That said, a sufficiently long WPA2 password (over 15?, 16? characters) also eliminates the problem.

Here is an overview of the improvements. Most of this information comes form the Information Assurance website of the NSA, specifically a June 2018 report called WPA3 will Enhance Wi-Fi Security.

The improvements are scheduled in two phases, the first is known as WPA2 enhancements and it is expected to be released before the end of 2018. The second phase is full blown WPA3. WPA3 compliant products are expected to start appearing before the end of 2018. The WPA2 enhancements mandate the use of Protected Management Frames (PMF), more stringent validation of vendor security implementations, and improved consistency in network security configuration.

IEEE 802.11w, the standard that describes PMF, was ratified in 2009 becomes mandatory. Without it, management frames are transmitted unencrypted and their integrity is not verified. PMF ensures integrity of network management traffic, provides protection against eavesdropping, replay and the forging of management action frames. This protects against DoS attacks that use forged deauthentication/disassociation frames to kick clients off a network and force them to authenticate again.

Many wireless vulnerabilities are the result of poor implementation or misconfiguration. WPA2 enhancements will require additional tests on Wi-Fi certified devices to ensure both the use of best practices and that the products yield expected behaviors. The WPA2 enhancement also defines a set of secure cipher suites to prevent an attacker from exploiting a configuration weakness.

Currently Wi-Fi networks can be completely open, no password needed, no encryption used. This will no longer be possible with WPA3 which introduces Opportunistic Wireless Encryption (OWE). OWE provides individualized data encryption to Wi-Fi clients using public open networks. No more eavesdropping. The encryption process is transparent to users. They see and join the Wi-Fi network as they would an Open network. BIG improvement. Technically, OWE uses an unauthenticated Diffie-Hellman key exchange during association, resulting in a Pairwise Master Key (PMK) used to derive the session keys.

Writing for Network World, Eric Geier notes that Wi-Fi Enhanced Open is not officially part of WPA3. Although it is expected be added along with WPA3, it is, nonetheless, optional. Also optional is support for the un-encrypted legacy open connections.

Geier also points out some downsides to the way WPA3 handles Open networks. For one, the Wi-Fi client device may not be able to tell the difference between a secure WPA3 Open network and an insecure WPA2 open network. We just have to wait and see how each operating system handles this. And, shared folders on Wi-Fi clients will be available to everyone on the WPA3 Open network. Finally, it does nothing to defend against evil twin networks.

Another huge improvement was mentioned above, resistance to brute force password guessing. The WPA2 Pre-Shared Key (PSK) mode is gone, replaced by the WPA3 Simultaneous Authentication of Equals (SAE). The big improvement here is that SAE does not transmit the hash of the password in the clear. WPA2-PSK allows bad guys to listen for the password hash and then, when they have it, make a billion guesses a second to convert the hash to the password. SAE limits the number of guesses an attacker can make. The end user experience does not change with SAE, people still enter a password, just as they do now with WPA2-PSK.

With WPA3 each user connection to the router is encrypted with a different key. This is big. Without it, as on WPA2, anyone who knew the Wi-Fi password could spy on other users of the same network. Also, WPA2 did not offer Perfect Forward Secrecy (PFS or just FS). If someone was out to get you they could record your Wi-Fi traffic as it was transmitted over the air (or it could have been recorded by the ISP). With WPA2, once someone learned the Pre-Shared Key, they could go back and decrypt all the old transmissions. With WPA3 this is not possible. Old transmissions remain secret even as time moves forward.

Finally, WPS is being replaced with DPP (Device Provisioning Protocol). As with WPS, DPP aims to be a simple way for devices without a screen or keyboard to join a Wi-Fi network. A DPP-enabled device will have a built-in public key, and a network administrator can bring it onto the network in several ways. One approach is scanning a QR code on the DPP-enabled device with a phone. I am skeptical; anything that tries to be user friendly is likely to not be secure. We'll see how this plays out. As some devices require WPS, it can not be killed off completely. Like WPS, DPP introduces new terminology, a configurator and an enrollee.

The configurator will be a smart phone or tablet that is already part of the network and can provision new devices. How it gets the ability to provision new devices is not clear. How it loses the ability once it is lost or stolen is also not clear. WPS had 4 or 5 different modes of operation and so too does DPP. Devices can be granted access to the network by scanning a QR code, negotiation of a trusted public key using a passphrase/code, NFC, or Bluetooth. Ugh.

Wi-Fi devices have utilized AES with 128 bit keys for data protection for some time. WPA3 will mandate 256-bit encryption and use of CNSA approved cipher suites.

When will WPA3 be available? Eric Geier says a few WPA3 devices should appear by the end of 2018. WPA3 is currently (Nov. 2018) optional and may not be mandatory for as long as two years. While some devices may be upgradeable via software, others will require new hardware.

History tells us that the first version of the protocol is likely to be buggy, either due to the spec itself or specific implementations. And, using WPA3 requires support both in the router/Access point and in the client device (computer, tablet, phone).

A good article: WPA3: How and why the Wi-Fi standard matters by Larry Seltzer, Aug. 2018.

And: Google knows nearly every Wi-Fi password in the world by me September 12, 2013.

WEP, WPA and WPA2  Top Of Page

At first, you might be thinking what more is there to say about WiFi encryption? The basic rules have not changed in a long time and can be boiled down to USE WPA2. But, there is more to it.

Introduction: WiFi supports three different schemes for over-the-air encryption: WEP, WPA and WPA2 (WPA version 2). All of the options encrypt data traveling between a WiFi device and the router or Access Point (AP) that is the source of the wireless network. Once data leaves the router, bound for the Internet at large, WEP, WPA and WPA2 are no longer involved.

As noted everywhere, WPA2 is the best option. However, WPA2 is not a simple On/Off checkbox, there are further options. These additional options are TKIP, AES or CCMP. Do not choose TKIP. Doing so, means you are, in effect, using the less-secure WPA encryption. AES and CCMP are two names for the same thing. Whichever your router uses, chose it.

And, some routers may not offer just WPA2. I have seen routers that only offered a combination of either WPA or WPA2. Stand-alone or exclusive WPA2 is more secure.

Transitioning: A March 2017 article in PC Magazine, The Best Wi-Fi Mesh Network Systems of 2017 starts with a feature overview of nine different mesh systems. The most secure devices at the time offered WPA2: Plume, Eero, Securifi Almond 3 and Google Wifi. Two devices, Luma and Ubiquiti Amplifi still offered WPA (in addition to WPA2). In the "what were they thinking" category are devices that offered WEP: Netgear Orbi, Linksys Velop and Amped Wireless Ally Plus.

If you have an old wireless device that is capable of WPA encryption but not the more recent WPA2 variety, then create a new network on the router that uses WPA encryption and chose an extra long password for it. If possible, this should be a guest network that is isolated from the private network.

If you have an old device that is not capable of either WPA or WPA2 encryption (that is, all it can do is WEP), get rid of it. WEP should not be used.

For more on the old types of encryption see Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both? by Chris Hoffman (December 2014).

WPA2 Enterprise  Top Of Page

Section updates: Sept 20, 2021. Sept. 21, 2019

What everyone knows as WPA2 encryption, is really WPA2 Pre-Shared Key (WPA2 PSK for short). It has also been called WPA2 Personal and it means that each Wi-Fi network (SSID) has one password. A router that creates three WPA2 PSK networks will have one password for each network (they can all be the same, each SSID is a free agent). While it is common to think that WPA2 PSK is the best Wi-Fi security available (at least prior to the release of WPA3) the reality is that WPA2 Enterprise is more secure than WPA2 PSK.

With WPA2 Enterprise there are multiple passwords for each network/SSID. In fact, to logon to a WPA2 Enterprise network a computing device needs to supply both a userid and a password. Large organizations (aka enterprises) love this as each employee gets their own userid/password. When someone leaves the organization, just their userid/password needs to be removed, the other employees are not impacted. And WPA3 Enterprise is also a thing.

I am no expert on WPA2 Enterprise, but I have dabbled in it and I use it every day.

By and large WPA2 Enterprise is too much for consumers. Many consumer routers are not able to create WPA2 Enterprise networks. For example, it is not available on mesh routers from Eero, Google, Linksys (Velop) or Ubiquiti (AmpliFi). It is available on Synology and Peplink routers.

When a router can create a WPA2 Enterprise network, the next issue is maintaining the list of Wi-Fi userids and passwords. This list is normally maintained by software known as a RADIUS server. When a WPA2 Enterprise SSID is created, you need to supply information on how to connect to a RADIUS server. The RADIUS server may reside on the same LAN as the router, in the router itself or it may reside somewhere in the cloud.

I suspect having a RADIUS server on the LAN is probably the most common way this is implemented. I use a Synology NAS device as my RADIUS server. Synology offers RADIUS software as a free download in their app store. QNAP does this too. A Synology NAS already supports multiple userids and these NAS userids/passwords become RADIUS/WiFi userids/passwords.

Another LAN-resident option is to use a Raspberry Pi and install FreeRADIUS software on it. For more on this see Simple & Secure RADIUS by Mike Cifelli.

The simplest option that I know of is offered on a Synology router. As far as I know, Synology is unique in letting you run a RADIUS server on the router itself. I have not tried this as I hated the one Synology router that I tested.

Be aware that some wireless devices, typically IoT devices, are not able to connect to a WPA2 Enterprise network. I have an Internet radio that can not connect to my WPA2 Enterprise SSID. WPA2 Enterprise is supported on desktop operating systems, Chromebooks, iOS and Android.

If nothing else, lots of bad guys have no idea how to hack into a WPA2 Enterprise network :-)

Wi-Fi Passwords  Top Of Page

On October 28, 2021 the topic of WiFi passwords was moved to its own page.



Top 
Page Created: July 13, 2015      
Last Updated: July 6, 2022 8PM CT
Viewed 160,131 times
(50/day over 3,173 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Changelog
Copyright 2015 - 2024