WiFi Security Types Overview
OPN
- Authentication: None
- Cipher: None
Vulnerabilities
- Passive Sniffing
- MITM/evil-twin
- Captive Portal Trust
- MAC Spoofing
WEP
- Authentication: Shared key
- Cipher: RC4
- Authentication: PSK
- Cipher: TKIP/RC4
Vulnerabilities
- Capture PMKID or 4-way handshake for offline PSK cracking.
- WPS weaknesses
- Authentication: PSK (4-way handshake)
- Cipher: CCMP/AES (avoid TKIP/mixed modes)
Vulnerabilities
- Capture PMKID or 4-way handshake for offline PSK cracking.
- WPS weaknesses
- Authentication: 802.1X/EAP (e.g., PEAP-MSCHAPv2, EAP-TTLS, prefer EAP-TLS)
- Cipher: CCMP/AES
Vulnerabilities
- Evil-twin credential capture
WPA3-Personal (SAE)
- Authentication: SAE (dragonfly PAKE)
- Cipher: CCMP-128/GCMP-128
Vulnerabilities
- WPA2 downgrade
- Dragonblood
- Online/side-channel guessing attempts
WPA3-Enterprise (128-bit)
- Authentication: 802.1X/EAP (typically EAP-TLS)
- Cipher: CCMP-128/GCMP-128
Vulnerabilities
- Evil-twin credential capture