What is a WPA2 passphrase

WPA2 - Wi-Fi Protected Access 2 / IEEE 802.11i

WPA2 (Wi-Fi Protected Access 2) or IEEE 802.11i is a standard from 2004 for the authentication and encryption of WLANs based on the IEEE 802.11 specifications. The draft for a standardized encryption method was necessary because encryption with WEP was not really secure. IEEE 802.11i was designed to address the major security shortcomings of WEP.

After the adoption of IEEE 802.11i, the manufacturers' association Wi-Fi Alliance expanded the previous WPA standard with a second version. WPA2 is based on the IEEE 802.11i standard. It should be noted that WPA2 is not identical to IEEE 802.11i. WPA2 only contains part of IEEE 802.11i.

In 2018, the successor WPA3 was specified, which eliminates some errors that could arise when implementing WPA2. In addition, WPA3 has been adapted to the current security situation.

WPA2 security concept

  • Security concept adopted from WPA and expanded.
  • Encryption: AES instead of TKIP (RC4).
  • Weak point: TKIP as fallback (bad).
WPA variant WPAWPA2
Personal fashionAuthenticationPSKPSK
EncryptionTKIP / MICAES-CCMP
Enterprise modeAuthentication802.1x / EAP802.1.x / EAP
EncryptionTKIP / MICAES-CCMP

The main difference between WPA and WPA2 is the encryption method. While WPA uses the less secure TKIP, WPA2 uses the secure AES.
AES (Advanced Encryption Standard) is the successor to the outdated DES (Data Encryption Standard). As a rule, AES brings more data throughput than TKIP. Modern WLAN chipsets contain a hardware accelerator for AES. With TKIP, the internal processor usually has to do the work.

WPA2 Enterprise Mode

WPA2 Enterprise Mode is almost identical to IEEE 802.11i. The difference is the lack of Fast Roaming, which is interesting for VoIP, audio and video applications. With this function, the change between two access points (AP) is carried out faster. The connection is thus uninterrupted.
Authentication via RADIUS is an essential component.

WPA2 Personal Mode

The WPA2 Personal Mode is a stripped-down WPA2 variant that is mainly intended for use in SOHO devices for private users and small businesses. The authentication takes place with a pre-shared key (password).

How IEEE 802.11i and WPA / WPA2 work


During the WPA key negotiation, the stations are assigned roles. The access point is the authenticator (notarized person) and the client of the supplicant (applicant / supplicant). It is precisely defined which side has to send which package at what time and how it has to be responded to.

With WPA or WPA2, the network authentication takes place with a pre-shared key (PSK) or alternatively via a central 802.1x / Radius server. A password with a length of 8 to 63 characters is used. The password is part of a 128-bit individual key that is negotiated between the WLAN client and the access point. The key is also calculated with a 48-bit initialization vector (IV). This makes calculating the WPA key extremely difficult for the attacker.

The repetition of the real key consisting of IV and WPA key only takes place after 16 million packets (2nd24). In heavily used WLANs, the key is only repeated every few hours. To prevent repetition, WPA automatically renegotiates the key at regular intervals. This anticipates the repetition of the real key. For this reason, it is hardly worthwhile for the attacker to eavesdrop on the data traffic between the access point and WLAN clients.

Authentication process in personal mode (4-way handshake)

  1. Client to AP: Authentication Request
  2. AP to client: Challenge Text
  3. Client to AP: Challenge Response
  4. AP to client: Authentication Success / Failure

Is the WLAN password saved on the WLAN client?

The actual WLAN password is not saved, but a pre-shared key (PSK) or the Pairwise Master Key (PMK). The Pairwise Transient Key (PTK) is derived from this and is then used for encryption. The PMK can only be broken by brute force.

How secure is WPA2?

WPA2 has several vulnerabilities.

  • One weak point is the key that encrypts the data packets during broadcasts and multicasts (group key). This key is known to all clients. If an unauthorized person gets this key out, they are able to eavesdrop on the initial key exchange between the client and the access point and get it out. The negotiation of this key is planned daily at least with IEEE 802.11i (86,400 seconds).
  • Another weak point is the WLAN password in Personal Mode. The shorter or simpler this password, the easier it is to guess and the faster a hacker can gain access to the protected network. A long password with random letters, characters and numbers should at least not be that easy to guess. This means that an attacker would have to try every conceivable combination (brute force attack).
  • Another weak point is that a WLAN client authenticates itself to the access point with the WLAN-PSK, but not the other way around. This means that an attacker can pretend to be a known access point and access the data required to crack the password while a fake connection is being established. The weak point is that the attacker does not have to connect to the access point (online attack). The attack does not take place on the AP, but between a client and the access point during registration or authentication. To do this, it is sufficient to passively record this session and later to determine the WLAN PSK using brute force. It is not even necessary to be near the access point. It is sufficient to fool a client into believing that it is this access point.
  • With all routers and access points that support fast roaming according to IEEE 802.11r, attackers can more easily and reliably obtain the hash value required to break the WLAN key. The brute force attack, which is still necessary, then still lasts for hours or days. The attack is then only necessary once.

The actual WPA / WPA2 hack is based on recording a handshake and then trying out all possible PSKs in order to calculate PMK, PTK and KEK in order to calculate the MIC (Message Integrity Check) and compare it with that of the client. If both match, you have the correct WiFi password. The attacker then logs on to the WLAN as a regular user.

WPA2 with pre-shared key is considered to be reasonably secure if a strong password (complex and long) is used or, even better, a central Radius server is used for authentication (enterprise mode).
The use of WPA3 should be the method of choice because it can be assumed that further weak points and simplistic attacks will be found over time.

WLAN attack with KRACK

"KRACK" stands for "Key Reinstallation Attacks" and describes an attack on a weak point in the WPA2 protocol.
When connecting a client to an access point, there is a four-way handshake in which a secret key is generated. In the third of four steps, this secret key can be sent several times. An attacker can intercept and manipulate the key and thus break the encryption. By sending handshake messages again, it is possible to get the client to reinstall a key that has already been used. The keystream is repeated when known content is encrypted. The key can thus be determined. Even if packets have no known content, their decryption is possible in certain cases. In principle, all WLAN clients are affected by this, since it is a weak point at the protocol level that is contained in all implementations.

WiFi hacking and pentesting

Overview: WLAN security

Other related topics:

Product recommendations

Everything you need to know about networks.

Network technology primer

The network technology primer is a book about the basics of network technology, transmission technology, TCP / IP, services, applications and network security.

I want that!

Everything you need to know about networks.

Network technology primer

The network technology primer is a book about the basics of network technology, transmission technology, TCP / IP, services, applications and network security.

I want that!