Wi-Fi Protected Access (WPA) is a security standard for computing devices with wireless internet connections. It was developed by the Wi-Fi Alliance to provide better data encryption and user authentication than Wired Equivalent Privacy (WEP), which was the original Wi-Fi security standard. Since the late 1990s, Wi-Fi security types have gone through multiple evolutions to improve them.
Since wireless networks transmit data through radio waves, data can be easily intercepted unless security measures are in place. Introduced in 1997, Wired Equivalent Privacy (WEP) was the first attempt at wireless protection. The aim was to add security to wireless networks by encrypting data. If wireless data were intercepted, it would be unrecognizable to the interceptors since it had been encrypted. However, systems that are authorized on the network would be able to recognize and decrypt the data. This is because devices on the network make use of the same encryption algorithm.
WEP encrypts traffic using a 64- or 128-bit key in hexadecimal. This is a static key, which means all traffic, regardless of device, is encrypted using a single key. A WEP key allows computers on a network to exchange encoded messages while hiding the messages' contents from intruders. This key is what is used to connect to a wireless-security-enabled network.
However, WPA2 still has drawbacks. For example, it is vulnerable to key reinstallation attacks (KRACK). KRACK exploits a weakness in WPA2, which allows attackers to pose as a clone network and force the victim to connect to a malicious network instead. This enables the hacker to decrypt a small piece of data that may be aggregated to crack the encryption key. However, devices can be patched, and WPA2 is still considered more secure than WEP or WPA.
Individualized data encryption: When logging on to a public network, WPA3 signs up a new device through a process other than a shared password. WPA3 uses a Wi-Fi Device Provisioning Protocol (DPP) system that allows users to use Near Field Communication (NFC) tags or QR codes to allow devices on the network. In addition, WPA3 security uses GCMP-256 encryption rather than the previously used 128-bit encryption.
Stronger brute force attack protection: WPA3 protects against offline password guesses by allowing a user only one guess, forcing the user to interact with the Wi-Fi device directly, meaning they would have to be physically present every time they want to guess the password. WPA2 lacks built-in encryption and privacy in public open networks, making brute force attacks a significant threat.
Knowing your Wi-Fi encryption type is important for your network's security. Older protocols are more vulnerable than newer ones and, therefore, more likely to fall victim to a hacking attempt. This is because older protocols were designed before it was fully understood how hackers attacked routers. The more recent protocols have fixed these exploits and are therefore considered to offer the best Wi-Fi security.
You can read our complete guide to setting up a secure home network here. One of the best ways to stay safe online is through using an up-to-date antivirus solution such as Kaspersky Total Security. This works 24/7 to safeguard you from hackers, viruses, and malware and includes privacy tools to protect you from every angle.
Thanks for your response but apparently it's not true... at least as far as Netgear is concerned. When I enter my Wireless Network Password the installation procedure tells me it is invalid and it specifically asks for the WPA/WPA2 Personal security password. I may be wrong but, like WEP, the WPA/WPA2 Personal security password (some refer to it as a passphrase) is for the device (in my case a Time Capsule), not the network. The Time Capsule is dual bandwidth (2.4 GHz and 5 GHz) and I think if I wanted I could set up each band with its own name and password but each would recognize the same WPA/WPA2 security passphrase.
It is possible that one might use the same password or passphrase for the base station, or device password. But generally, this is not a good thing to do. For example, you might have users who are on the wireless network.....because they have the wireless password. If the base station or device password were the same, then those same users would be able to get into the settings for the Time Capsule using AirPort Utility and change the settings, names, passwords, etc.
The only other thing that I can think of here is what is called a "Pre-Shared Key".....which is a long 64 character code that is generated by the password or passphrase. I can't ever recall that this "key" would be ever needed.....and most devices would not accept a 64 character long phrase anyway. It is used only in relation to the wireless network.
If you are using a Mac to administer the Time Capsule, and you know what operating system it is running.......we can tell you how to find the Time Capsule passwords.......wireless, base station, disk, etc......using AirPort Utility, but frankly other than seeing a long 64 character code......I don't think that you will see anything that you do not already know.
The password that was entered in the above attachment is the password used to access my Time Capsule network so it seems as though that will not work. The Time Capsule I have is the second one I've had. Before that I had a dual band device from Apple (looked like a flying saucer) but I've never been asked to provide the WPA2 passphrase. I came across the following on the internet... "There are two versions of WPA2: WPA2 Personal and WPA2 Enterprise. WPA2 Personal protects unauthorized network access by utilizing a setup password. WPA2 Enterprise verifies network users through a server." Possibly I need the setup password. I never heard it described that way but since I don't seem to know it that doesn't surprise me.
BTW, the network name in the image is the name of my network with "_2GEXT" appended by Netgear for the new network thru the extender. There is also another with "_5GEXT"... one for each bandwidth of the Time Capsule.
That is exactly what the Time Capsule is using.....WPA2 Personal.....unless you have changed the default wireless security settings. Apple has been using WPA2 Personal as their default setting for a number of years.
Every password that you have assigned to the Time Capsule will appear, along with the Pre-Shared "Key" that I mentioned previously. The "key" is impressive to look at, but serves little function otherwise.
I think your main problem is likely one that you may not have considered. Apple uses proprietary settings for their "extend" function, which are designed to only allow other Apple devices to wirelessly extend the network.
So, you may have quite a challenge on your hands to get the Netgear device to work the way that you want. It may not be possible. If it won't do what you want, an Apple device will.....in about 60-90 seconds.....virtually automatically. And....it won't add the suffixes at the end of the wireless name.....so you have the same network extended everywhere.
Hello, I was afraid you were going to say that. I found that earlier today and a 64 character key was displayed. However, it still did not help with my Netgear installation. At this point I'm fed up. Either the Netgear installation is convoluted (I don't believe it is... it should be easy) or the device is defective. In either case I've made arrangements to return it for a refund. I'll look for something else, preferably from Apple. I like to minimize vendors.
I was a programmer for 30 years and we had a big poster in the office... it was a picture of Frankenstein and the caption went something like this - when you mix components from different sources you can wind up with a monster.
I'm trying to wrap my head around the WPA/WPA2 4-way handshake in an attempt to determine if it is possible for a rogue wireless access point to retrieve a plaintext (or hashed) version of a router's password that is delivered via a legitimate authentication form prompted by a client's native OS. I have plenty of experience capturing handshakes and cracking them in different pentesting scenarios, but I'm interested in exploring the following scenario:
The client, believing the AP to be a known network, tries to connect, but is initially rejected because the WPA/WPA2 password does not match the password for the true router. For all the client knows, the network is the same, however the administrator has changed the password. A native OS auth form is presented to the client by the OS/Network Manager (likely with a password pre-filled). The client submits the password to the honeypot network that is using the temporary SSID of the trusted network.
???. Is it possible for the honeypot, which is presenting the STA with a legitimate authentication request (using any arbitrary WPA password on the router), to view the plaintext version of the password that was sent by the STA in an attempt to authenticate? If not, in what format is this password presented to the AP for authentication?
I'm interested in learning the current options (cli/tools) for this kind of phishing attack (again, relying entirely on a naive OS WPA authentication form, not a captive portal type HTML phishing page). If none exist, I'm curious if WPA/WPA2 would even allow for the scenario described in the above steps to occur. I'm a very comfortable programmer and am willing to patch Hostapd or use libpcap to implement this kind of functionality if need be. I just am having trouble determining if this type of attack is even possible.
I would recommend you to understand the four-way handshake of WPA/WPA2 first. The resource in your linked question is very detailed, but the Wikipedia article should also give you an adequate understanding of the process.
It is not necessary that the user inputs the password in the native OS authentication form. If a client finds a network he knows, he automatically tries to connect to it. (This is the normal behavior of most clients.) After the association, the four-way handshake is started. Even if the Access Point has a different PSK than the client (e.g. is a rogue honeypot router), the first two messages will be exchanged, because only with the third step can the client verify that the AP has the same PSK. But an attacker needs only the first two messages of a handshake to perform a brute force attack on the PSK. There is a tool for cracking half-way handshakes available on GitHub.
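To make concrete what the access point receives in message 2, and where the 64-character "Pre-Shared Key" mentioned earlier in the thread comes from, here is an added example (not code from any of the posts above) that follows the WPA2-Personal key derivation. The MAC addresses, nonces and frame bytes are constructed stand-ins; the passphrase "password" with SSID "IEEE" is the published PSK test vector from the IEEE 802.11 standard.

```python
import hashlib
import hmac

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK (the PMK): PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512 over both MAC addresses and both nonces (each pair sorted)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]

def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 keyed with the KCK (PTK bytes 0-15), truncated to 16 bytes."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def ap_accepts_message2(ap_passphrase, ssid, ap_mac, sta_mac, anonce, snonce, frame, mic):
    """The authenticator's check: recompute the MIC from its own PSK and compare."""
    ptk = derive_ptk(derive_psk(ap_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk, frame), mic)

# --- Constructed sample values (not from a real capture) ---
SSID = "IEEE"
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
# Stand-in for the EAPOL-Key frame of message 2 with its MIC field zeroed.
FRAME = b"constructed-eapol-key-msg2" + SNONCE + bytes(16)

# Client side: the passphrase only ever feeds the key derivation.
client_ptk = derive_ptk(derive_psk("password", SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
MESSAGE2_MIC = eapol_mic(client_ptk, FRAME)  # this and SNONCE are what go on the air

if __name__ == "__main__":
    print("64-hex-digit PSK:", derive_psk("password", SSID).hex())
    print("AP with same passphrase accepts:",
          ap_accepts_message2("password", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, FRAME, MESSAGE2_MIC))
    print("AP with other passphrase accepts:",
          ap_accepts_message2("different-pass", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, FRAME, MESSAGE2_MIC))
```

The access point never sees the passphrase or the PSK, only the SNonce and a MIC that depends on them. Because that MIC can be recomputed from a candidate passphrase and the SSID alone, the practical defence is a long, random passphrase on a non-default SSID.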