WPA2
Wi-Fi Protected Access 2
The IEEE 802.11i standard (2004) using AES-128 with CCMP for encryption and integrity — a fundamental redesign from WPA/TKIP that replaced RC4 with AES. WPA2 remains the secure baseline for Wi-Fi. With a strong passphrase and patched devices, it is secure against all practical attacks.
WPA2 replaced RC4 with AES-128-CCMP (Counter Mode with CBC-MAC Protocol) — a completely different and far stronger cipher. CCMP provides both encryption (AES-CTR mode) and data integrity (CBC-MAC) in one operation. The four-way handshake derives unique session keys (PTK — Pairwise Transient Key) from the passphrase, both MAC addresses, and random nonces exchanged during association. Each session gets fresh keys, so capturing traffic from one session cannot decrypt another. WPA2 became mandatory for Wi-Fi certified devices in 2006 and remains the baseline security requirement for all modern Wi-Fi networks.
WPA2 key details
| Property | WPA2-Personal (PSK) | WPA2-Enterprise (802.1X) |
|---|---|---|
| Authentication | Pre-shared passphrase | RADIUS server (username/cert) |
| Key derivation | PBKDF2 from passphrase + SSID | EAP exchange + RADIUS |
| Offline attack risk | Dictionary/brute-force on handshake | None (no shared passphrase) |
| Forward secrecy | No (same PMK every session) | Depends on EAP method |
| Setup complexity | Simple (one password) | Complex (RADIUS infrastructure) |
| Typical use | Home, small office | Corporate, university |
WPA2 passphrase strength
WPA2-Personal's security directly depends on passphrase strength. The four-way handshake can be captured passively (no connection required) and subjected to offline dictionary attacks. The PMK (Pairwise Master Key) is derived via PBKDF2-SHA1 with 4096 iterations from the passphrase and SSID — GPU acceleration makes weak passphrases crackable quickly. Best practice: use a passphrase of 20+ random characters, or better, a string of 4+ random words. Avoid dictionary words, names, addresses, or any passphrase under 12 characters. A truly random 20-character passphrase makes brute-force computationally infeasible. WPA3 eliminates this offline attack surface entirely with SAE.
Frequently Asked Questions
What was the KRACK attack and is WPA2 still safe?
KRACK (2017) forced nonce reuse via handshake replay, potentially allowing traffic decryption. It required physical proximity, didn't reveal the passphrase, and was patched by all major OSes within weeks. WPA2 with patched devices remains secure. WPA3 eliminates KRACK entirely. WPA2 is still the recommended minimum.
What is the difference between WPA2-Personal and WPA2-Enterprise?
Personal: one shared passphrase — four-way handshake is capturable and offline-attackable; passphrase strength is critical. Enterprise: individual 802.1X credentials via RADIUS — no shared passphrase to attack, per-user revocation, forward secrecy possible. Enterprise is standard for corporate and university networks.
Should I still use WPA2 or upgrade to WPA3?
WPA2-AES with a strong passphrase is secure for most use. Upgrade to WPA3 for offline dictionary attack protection (SAE), forward secrecy, and encrypted open networks (OWE). Use WPA2/WPA3 mixed mode for gradual transition. Always use AES — never WPA2-TKIP.