Wireless encryption is one of the most heavily tested security topics on the CompTIA A+ 220-1102 exam, appearing in roughly 8-12% of Domain 2 (Security) questions. This chapter covers the four generations of Wi-Fi security: WEP, WPA, WPA2, and WPA3. You must understand not just which is strongest, but exactly why each standard was created, how it works at the protocol level, and the specific attack vectors that render older standards insecure. The exam will test your ability to recommend the correct encryption for a given scenario and identify misconfigurations.
Imagine a series of locks for a shared office door. WEP is like a cheap combination lock where the combination is printed on the lock itself and never changes—anyone who sees it can open the door later. WPA is a better lock that changes the combination every time someone enters, but it uses an old, crackable mechanism. WPA2 is a modern lock with a strong, changeable code, but if someone watches you type it in, they can still get in later if the lock doesn't have forward secrecy. WPA3 is a vault door with a one-time code displayed on a screen that changes each use and is never reused—even if someone records the code, it's useless. The key point: each generation fixes a fundamental flaw in the previous one, from static keys (WEP) to dynamic per-session keys (WPA) to strong AES encryption (WPA2) to simultaneous authentication and forward secrecy (WPA3). On the exam, you must know which lock is which and why each one is broken or secure.
1. Why Wireless Encryption Exists
Wireless networks broadcast data through radio waves. Unlike wired networks, where physical access to the cable is required to intercept traffic, anyone within range of an access point (AP) can capture wireless frames. Without encryption, all data—including passwords, emails, and web traffic—is transmitted in cleartext and can be read with a simple packet sniffer like Wireshark. Encryption ensures that even if frames are captured, the contents remain confidential.
2. WEP (Wired Equivalent Privacy)
History and Purpose: WEP was introduced in 1999 as part of the IEEE 802.11 standard. Its goal was to provide confidentiality equivalent to a wired network. It uses the RC4 stream cipher for encryption and CRC-32 for integrity.
How It Works:
- WEP uses a static pre-shared key (PSK) of either 40 bits (64-bit WEP) or 104 bits (128-bit WEP). The key is combined with a 24-bit initialization vector (IV) to create the RC4 key.
- The IV is sent in cleartext with each packet. This is a critical flaw: because the IV is only 24 bits, it repeats after a modest number of packets. The IV space holds 2^24 values (2^24 / 2 = ~8.3 million), but repeats follow the birthday bound, so in practice a collision is expected after about 5,000-10,000 packets. An attacker can capture two packets with the same IV and perform cryptanalysis to recover the key.
- Integrity is provided by a 32-bit CRC-32 checksum, which is linear and can be forged without knowing the key.
Security Issues:
- Static key: all clients use the same key. If one client is compromised, the entire network is compromised.
- Weak IV: the 24-bit IV is too small and is transmitted in plaintext. Tools like aircrack-ng can crack WEP in minutes.
- No authentication: WEP can use open or shared-key authentication, but both are weak. Shared-key authentication sends the challenge and encrypted response in plaintext, leaking the key.
- CRC-32 is not a cryptographic hash; it can be modified by attackers without detection.
Exam Tip: WEP is considered broken and should never be used. The exam expects you to know that WEP uses RC4 and a 24-bit IV. The key length is often confused: 64-bit WEP uses 40-bit key + 24-bit IV; 128-bit WEP uses 104-bit key + 24-bit IV.
3. WPA (Wi-Fi Protected Access)
History and Purpose: WPA was created in 2003 as an interim replacement for WEP while the IEEE 802.11i standard was being finalized. It was designed to be backward-compatible with WEP hardware via firmware upgrades. WPA uses TKIP (Temporal Key Integrity Protocol) as its encryption protocol, which still uses RC4 but with significant improvements.
How TKIP Works:
- TKIP still uses RC4, but it introduces per-packet key mixing: each packet gets a unique encryption key derived from the base key, the MAC address of the sender, and the packet sequence number.
- The IV is increased to 48 bits (called the TKIP sequence counter, TSC) to prevent IV reuse.
- Integrity is provided by Michael (MIC), a 64-bit message integrity code, which is stronger than CRC-32 but still not as strong as a cryptographic hash.
- TKIP includes a countermeasure: if two MIC failures are detected within 60 seconds, the AP disassociates all clients and waits 60 seconds before re-enabling TKIP. This prevents brute-force attacks on the MIC.
Authentication Modes:
- WPA-Personal (WPA-PSK): uses a pre-shared key (passphrase) for authentication. The passphrase is between 8 and 63 ASCII characters. The PSK is derived from the passphrase and the SSID using PBKDF2 (Password-Based Key Derivation Function 2) with 4096 iterations of HMAC-SHA1.
- WPA-Enterprise: uses 802.1X authentication with a RADIUS server. This provides per-user authentication and dynamic key generation.
Security Issues:
- TKIP is still based on RC4, which has known weaknesses. The Michael MIC is vulnerable to a forgery attack known as the Beck-Tews attack, which can decrypt traffic in 12-15 minutes under certain conditions.
- TKIP is deprecated and should not be used if WPA2 is available.
Exam Tip: WPA uses TKIP/RC4. The exam may ask about the MIC countermeasure (60-second timeout). Know that WPA-PSK uses PBKDF2 with 4096 iterations.
4. WPA2 (Wi-Fi Protected Access 2)
History and Purpose: WPA2 is the full implementation of the 802.11i standard, ratified in 2004. It replaces TKIP with CCMP (Counter Mode CBC-MAC Protocol), which uses AES (Advanced Encryption Standard) in Counter mode for encryption and CBC-MAC for integrity. WPA2 is mandatory for all Wi-Fi Certified devices since 2006.
How CCMP Works:
- AES-CCMP uses a 128-bit key and operates on 128-bit blocks. It provides both encryption (AES in CTR mode) and integrity (CBC-MAC). The same key is used for both, but the counter ensures that the encryption and integrity operations are independent.
- The packet number (PN) is 48 bits and is used as a nonce to prevent replay attacks.
- CCMP provides strong confidentiality, integrity, and authentication.
Authentication Modes:
- WPA2-Personal (WPA2-PSK): uses a pre-shared key. The 4-way handshake is used to derive session keys. The handshake involves:
  1. AP sends ANonce (AP's random number)
  2. Client sends SNonce (client's random number) and MIC
  3. AP sends GTK (Group Temporal Key) and MIC
  4. Client sends ACK
- WPA2-Enterprise: uses 802.1X with a RADIUS server. The EAP (Extensible Authentication Protocol) method determines the authentication process (e.g., PEAP, EAP-TLS).
Security Issues:
- WPA2 is vulnerable to the KRACK (Key Reinstallation Attack) discovered in 2017. KRACK exploits the 4-way handshake: an attacker forces the client to reinstall an already-used key, resetting the nonce and allowing packet replay and decryption. This attack affects both WPA2-Personal and WPA2-Enterprise.
- WPA2-PSK is vulnerable to offline dictionary attacks if the passphrase is weak. The attacker captures the 4-way handshake and then tries potential passphrases against the handshake.
Exam Tip: WPA2 uses AES-CCMP. It is currently the minimum acceptable encryption for most networks. The exam may ask about the 4-way handshake and KRACK. Know that WPA2-Enterprise uses 802.1X and RADIUS.
5. WPA3 (Wi-Fi Protected Access 3)
History and Purpose: WPA3 was announced in 2018 and is the latest generation of Wi-Fi security. It addresses the vulnerabilities of WPA2, particularly KRACK and weak passphrase attacks. WPA3 uses SAE (Simultaneous Authentication of Equals) for personal mode, based on the Dragonfly handshake, which provides forward secrecy and resistance to offline dictionary attacks.
How SAE Works:
- SAE uses a finite cyclic group (e.g., an elliptic curve or a prime modulus group) and a password to derive a cryptographically strong shared secret. The handshake involves two messages:
  1. Both parties generate a secret and send a commitment (a hash of the secret) and a scalar (a value derived from the password).
  2. They exchange confirmations to verify knowledge of the password.
- Even if an attacker captures the handshake, they cannot perform an offline dictionary attack because the password is never directly used in the handshake—only the derived secret is used. The handshake also provides forward secrecy: if the long-term password is later compromised, past session keys remain secure.
Encryption: WPA3 uses GCMP (Galois/Counter Mode Protocol) with AES-256 for encryption and integrity. GCMP is more efficient than CCMP and supports higher data rates.
Additional Features:
- Opportunistic Wireless Encryption (OWE): WPA3 includes OWE as an option for open networks. OWE uses Diffie-Hellman key exchange to encrypt traffic even without authentication. This replaces the old "captive portal" approach where traffic was initially unencrypted.
- Easy Connect: a QR code-based method for onboarding devices without sharing a passphrase.
Modes:
- WPA3-Personal (SAE)
- WPA3-Enterprise (with 192-bit minimum security suite, using EAP-TLS with AES-256-GCMP)
Security Issues:
- WPA3 is not vulnerable to KRACK because SAE uses a different key derivation process that prevents key reinstallation.
- However, WPA3 has its own vulnerabilities: the Dragonblood attacks (2019) exploit timing side channels in some implementations of SAE. These attacks allow an attacker to perform a dictionary attack offline if the implementation does not use constant-time operations.
- WPA3 transition mode (which allows WPA2 devices to connect) can be attacked by forcing a downgrade to WPA2.
Exam Tip: WPA3 uses SAE and AES-256-GCMP. It provides forward secrecy and protection against offline dictionary attacks. The exam may ask about OWE for open networks. Know that WPA3 is backward-compatible via transition mode but that transition mode weakens security.
6. Comparison Summary
| Feature | WEP | WPA | WPA2 | WPA3 |
|---------|-----|-----|------|------|
| Encryption | RC4 | RC4/TKIP | AES-CCMP | AES-GCMP |
| Key length | 64/128 bit | 128 bit | 128 bit | 128/256 bit |
| Integrity | CRC-32 | Michael MIC | CBC-MAC | GMAC |
| Authentication | Open/Shared | PSK/802.1X | PSK/802.1X | SAE/802.1X |
| IV size | 24 bits | 48 bits | 48 bits | 48+ bits |
| Known attacks | Weak IV, key recovery | Beck-Tews, MIC forgery | KRACK, dictionary | Dragonblood (side-channel) |
| Status | Deprecated | Deprecated | Acceptable | Recommended |
7. Configuration Commands (Windows)
To check the current wireless encryption on a Windows client:
```cmd
netsh wlan show profiles
netsh wlan show profile name="ProfileName" key=clear
```

The output will show the authentication and encryption methods (e.g., WPA2-Personal, AES).
On a typical SOHO router, you configure wireless security via the web interface. The options usually include:
- WEP (Open or Shared)
- WPA-TKIP
- WPA2-AES (or WPA2-CCMP)
- WPA2-Mixed (allows both TKIP and AES)
- WPA3-SAE (if supported)
- WPA3-Transition (allows WPA2 and WPA3)
Best practice: Select WPA2-AES or WPA3-SAE only. Avoid mixed modes as they allow downgrade attacks.
8. Interaction with Related Technologies
MAC Filtering: Encryption does not prevent MAC spoofing. MAC filtering is a weak additional control.
Captive Portals: OWE (WPA3) can encrypt traffic before the user authenticates to the portal, preventing eavesdropping on the portal page.
RADIUS: WPA2/3-Enterprise relies on RADIUS for authentication. The RADIUS server must be properly secured.
WPS (Wi-Fi Protected Setup): WPS is a separate feature that allows easy connection via PIN or push button. WPS PIN is vulnerable to brute-force attacks and should be disabled. WPA3 does not use WPS; it uses Easy Connect instead.
WEP Encryption Process
The sender takes the plaintext data and computes a 32-bit CRC-32 checksum. The plaintext and checksum are concatenated. The sender generates a 24-bit IV and appends it to the WEP key (40 or 104 bits) to form the RC4 seed. RC4 generates a keystream, which is XORed with the plaintext+checksum to produce the ciphertext. The IV is prepended to the ciphertext in cleartext and transmitted. The receiver extracts the IV, combines it with its own key, generates the same keystream, and XORs to recover the plaintext and checksum. The receiver verifies the checksum; if it matches, the packet is accepted. This process is vulnerable because the IV is reused after ~5000 packets, allowing an attacker to recover the keystream.
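The process above, as an added example that is not code from the original page: a toy WEP frame encryptor/decryptor built from that description (24-bit IV || 40-bit key seeds RC4, CRC-32 ICV), plus a check that shows why IV reuse is fatal: two frames encrypted under the same IV XOR together into the XOR of their plaintexts, with no key needed. The key and plaintexts are constructed.

```python
# Added example, not code from the original page: a toy WEP encryptor/decryptor
# built from the description above (IV || key seeds RC4, CRC-32 ICV), plus a check
# that shows what a repeated IV gives away. Key and plaintexts are constructed.
import os
import struct
import zlib
from typing import Optional


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || key, so the IV steers the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian (linear, not keyed)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (cleartext) || RC4(IV || key) XOR (plaintext || ICV)."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("IV must be 24 bits; key must be 40 or 104 bits")
    body = plaintext + icv(plaintext)
    ks = rc4_keystream(iv + key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, ks))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: rebuild the keystream from the cleartext IV and the shared key,
    XOR it off, and accept the frame only if the ICV matches."""
    iv, ct = frame[:3], frame[3:]
    body = bytes(a ^ b for a, b in zip(ct, rc4_keystream(iv + key, len(ct))))
    pt, tag = body[:-4], body[-4:]
    return pt if tag == icv(pt) else None


def xor_of_bodies_if_iv_reused(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Why a repeated IV breaks confidentiality: same IV and key give the same keystream,
    so XORing the two ciphertexts cancels it and leaves plaintext_a XOR plaintext_b.
    Returns that XOR (over the shorter length), or None when the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    n = min(len(frame_a), len(frame_b)) - 3
    return bytes(a ^ b for a, b in zip(frame_a[3:3 + n], frame_b[3:3 + n]))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")      # constructed 40-bit (64-bit WEP) key
    iv = os.urandom(3)
    f1 = wep_encrypt(key, iv, b"hello")
    f2 = wep_encrypt(key, iv, b"world")    # same IV reused: the flaw the text describes
    print(wep_decrypt(key, f1))
    print(xor_of_bodies_if_iv_reused(f1, f2)[:5].hex())   # hex of b"hello" XOR b"world"
```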
WPA TKIP Encryption Process
TKIP begins with a base key (128 bits). For each packet, the base key is mixed with the sender's MAC address and the 48-bit packet sequence number (TSC) to produce a unique per-packet RC4 key. The TSC is incremented for each packet and is included in the packet header. The plaintext is combined with the Michael MIC (computed using a separate 64-bit key derived from the base key) and then encrypted with RC4 using the per-packet key. The receiver checks the TSC for replay (must be strictly increasing), regenerates the per-packet key, decrypts, and verifies the MIC. If two MIC failures occur within 60 seconds, the AP disassociates all clients and pauses for 60 seconds.
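The receiver-side rules in this paragraph and in the WPA section above (strictly increasing TSC, two MIC failures within 60 seconds triggering the countermeasure), as an added example that is not code from the original page. The clock is passed in as a parameter so the timing rules can be exercised deterministically.

```python
# Added example, not code from the original page: a minimal TKIP receiver model of
# the two checks described in the text. The 48-bit TSC must be strictly increasing
# (replay protection), and two Michael MIC failures within 60 seconds trigger the
# countermeasure (disassociate all clients, pause 60 seconds). Time is injected.
from dataclasses import dataclass, field
from typing import List

COUNTERMEASURE_WINDOW = 60.0   # seconds in which two MIC failures count together
COUNTERMEASURE_HOLD = 60.0     # seconds TKIP stays disabled afterwards
TSC_MAX = (1 << 48) - 1        # 48-bit TKIP sequence counter


@dataclass
class TkipReceiver:
    last_tsc: int = -1                                     # highest TSC accepted so far
    mic_failures: List[float] = field(default_factory=list)
    blocked_until: float = 0.0
    associated: bool = True

    def receive(self, tsc: int, mic_ok: bool, now: float) -> str:
        """Classify one incoming frame: ok, replay, mic_failure, countermeasure or blocked."""
        if not self.associated or now < self.blocked_until:
            return "blocked"
        if not 0 <= tsc <= TSC_MAX or tsc <= self.last_tsc:
            return "replay"            # repeated or out-of-order TSC: drop silently
        if not mic_ok:
            # keep only failures still inside the 60 s window, then add this one
            self.mic_failures = [t for t in self.mic_failures if now - t < COUNTERMEASURE_WINDOW]
            self.mic_failures.append(now)
            if len(self.mic_failures) >= 2:
                self.associated = False            # AP disassociates everyone
                self.blocked_until = now + COUNTERMEASURE_HOLD
                self.mic_failures.clear()
                return "countermeasure"
            return "mic_failure"
        self.last_tsc = tsc
        return "ok"

    def reassociate(self, now: float) -> bool:
        """Clients may come back only after the hold; the TSC restarts with the new key."""
        if now < self.blocked_until:
            return False
        self.associated = True
        self.last_tsc = -1
        return True
```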
WPA2 4-Way Handshake
The handshake begins after the client associates with the AP. The AP sends an EAPOL-Key frame containing an ANonce (128-bit random number). The client generates its own SNonce (128-bit random number) and derives the Pairwise Transient Key (PTK) from the PMK (which is derived from the PSK or from 802.1X authentication), plus both nonces and both MAC addresses. The client sends its SNonce and a MIC (Message Integrity Code) to the AP. The AP derives the same PTK and verifies the MIC. The AP then sends the GTK (Group Temporal Key) encrypted with the PTK, along with a MIC. The client decrypts the GTK, installs the keys, and sends an ACK. The PTK is used for unicast traffic; the GTK is used for broadcast/multicast traffic.
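The key schedule behind this handshake and the WPA-PSK derivation described in section 3, as an added example that is not code from the original page: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits); PTK = PRF-512 over the PMK, both MAC addresses and both nonces; the first 16 bytes of the PTK (KCK) key the handshake MIC, shown here in its HMAC-SHA1-128 form. The MAC addresses, nonces and EAPOL frame bytes are constructed; the passphrase/SSID pair "password"/"IEEE" is the standard published test vector.

```python
# Added example, not code from the original page: the WPA/WPA2-Personal key schedule
# as described in the text. MACs, nonces and the EAPOL frame are constructed.
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK/PSK: only passphrase and SSID go in, so it is fixed for the whole network.
    That is why a captured handshake lets a weak passphrase be guessed offline."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces)).
    Sorting the inputs lets AP and client derive the same key from the same four values."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """MIC field of an EAPOL-Key frame: HMAC-SHA1 over the frame with its MIC bytes
    zeroed, truncated to 128 bits (the AES key-descriptor form used by WPA2)."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def ap_verifies_message2(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
                         frame_mic_zeroed: bytes, received_mic: bytes) -> bool:
    """What the AP does on message 2: derive the PTK it expects, recompute the MIC with
    the KCK, and compare in constant time. Success proves the client knows the PMK."""
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, frame_mic_zeroed), received_mic)


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")      # standard 802.11i test-vector inputs
    print(pmk.hex())
    aa = bytes.fromhex("001122334455")        # constructed AP MAC
    spa = bytes.fromhex("66778899aabb")       # constructed client MAC
    anonce, snonce = os.urandom(32), os.urandom(32)
    frame = b"\x02\x03\x00\x75" + b"\x00" * 16      # constructed stand-in for message 2
    # client side: derive the same PTK (argument order does not matter) and sign
    mic = eapol_mic(derive_ptk(pmk, spa, aa, snonce, anonce)[:16], frame)
    print(ap_verifies_message2(pmk, aa, spa, anonce, snonce, frame, mic))   # True
```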
WPA3 SAE Handshake
SAE uses a password-authenticated key exchange. Both parties (client and AP) agree on a finite cyclic group (e.g., elliptic curve). Each party generates a random private value and computes a scalar (based on the password and the private value) and a commitment (a hash of the scalar and the element). They exchange scalars and commitments. Each party then computes a shared secret using the other's scalar and its own private value. They then exchange confirmations: each party hashes the shared secret and the other's commitment. If the confirmations match, the authentication succeeds. The shared secret is used to derive the PMK. Because the password is never transmitted, offline dictionary attacks are infeasible.
KRACK Attack on WPA2
KRACK targets the 4-way handshake. An attacker places themselves between the client and AP (man-in-the-middle). During step 3 of the handshake, the AP sends the GTK encrypted with the PTK. The attacker captures this frame but blocks it from reaching the client. The client does not receive the GTK and will retransmit its own message (step 2) to the AP. The attacker can then replay the captured message 3 to the client multiple times. Each time the client receives it, it reinstalls the same PTK and GTK, resetting the nonce (packet number). This allows the attacker to replay packets and, in some cases, decrypt traffic. The attack affects both personal and enterprise modes.
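The client-side behaviour this paragraph describes, as an added example that is not code from the original page: a simulated WPA2 client in its unpatched form (a repeated message 3 reinstalls the same PTK and resets the packet number, so key/nonce pairs repeat) beside the hardened form (a key already installed is never reinstalled, and the packet number keeps increasing). Keys and payloads are constructed placeholders; no real encryption is performed.

```python
# Added example, not code from the original page: simulated WPA2 client showing the
# key-reinstallation flaw described in the text and the standard fix. Keys and
# payloads are constructed placeholders; no real cipher is run.
from typing import List, Optional, Set, Tuple


class Wpa2Client:
    def __init__(self, allow_reinstall: bool) -> None:
        self.allow_reinstall = allow_reinstall        # True models the vulnerable client
        self.installed_ptk: Optional[bytes] = None
        self.tx_pn = 0                                # CCMP packet number, the per-frame nonce
        self.used: Set[Tuple[bytes, int]] = set()     # (key, nonce) pairs handed to the cipher
        self.nonce_reuse = 0

    def on_message3(self, ptk: bytes) -> bool:
        """Handle handshake message 3. Return True if the key was (re)installed.
        Patched behaviour: if this PTK is already live, still answer with message 4
        but leave the installed key and the packet number untouched."""
        if self.installed_ptk == ptk and not self.allow_reinstall:
            return False
        self.installed_ptk = ptk
        self.tx_pn = 0            # installing a key starts the nonce from zero
        return True

    def send(self, payload: bytes) -> int:
        """'Encrypt' one frame: advance the PN, record the (key, PN) pair, return the PN."""
        if self.installed_ptk is None:
            raise RuntimeError("no pairwise key installed")
        self.tx_pn += 1
        pair = (self.installed_ptk, self.tx_pn)
        if pair in self.used:
            self.nonce_reuse += 1     # same keystream as an earlier frame: confidentiality lost
        self.used.add(pair)
        return self.tx_pn


def simulate(allow_reinstall: bool) -> Tuple[List[int], int]:
    """Handshake, two data frames, a replayed message 3, two more frames.
    Returns the PNs used for the four frames and how many (key, PN) pairs repeated."""
    client = Wpa2Client(allow_reinstall)
    ptk = b"\x11" * 64                 # constructed placeholder key
    client.on_message3(ptk)
    pns = [client.send(b"frame-1"), client.send(b"frame-2")]
    client.on_message3(ptk)            # retransmitted / replayed message 3
    pns += [client.send(b"frame-3"), client.send(b"frame-4")]
    return pns, client.nonce_reuse


if __name__ == "__main__":
    print("vulnerable:", simulate(True))    # ([1, 2, 1, 2], 2)
    print("hardened:  ", simulate(False))   # ([1, 2, 3, 4], 0)
```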
Enterprise Scenario 1: Retail Chain with Legacy WEP
A regional retail chain had 50 stores using WEP for their wireless inventory scanners. During a security audit, it was discovered that an attacker could sit in the parking lot and capture the WEP key in under 10 minutes using aircrack-ng. Once the key was obtained, the attacker could connect to the internal network and access the point-of-sale (POS) system. The fix was upgrading all APs and scanners to WPA2-AES. However, some older scanners only supported WEP, so they had to be replaced. The lesson: WEP is not just weak—it is trivial to crack, and any device that still uses it must be retired. The exam may test this by asking which encryption standard is suitable for legacy devices (answer: none; they must be upgraded).
Enterprise Scenario 2: University Campus with WPA2-Enterprise
A large university deployed WPA2-Enterprise with PEAP-MSCHAPv2 for its campus-wide Wi-Fi. Each student and staff member had unique credentials. The problem: attackers set up rogue APs with the same SSID and captured the MSCHAPv2 challenge-response, which could be cracked offline. The solution was to switch to EAP-TLS with client certificates, which provides mutual authentication and prevents rogue AP attacks. Additionally, the university enabled WPA3-Enterprise with 192-bit security for critical areas like the financial department. The exam may ask about the difference between PEAP and EAP-TLS: EAP-TLS requires certificates on both client and server, while PEAP only requires a server certificate.
Enterprise Scenario 3: Coffee Shop with Open Network and OWE
A coffee shop offered free Wi-Fi but wanted to protect customers from eavesdropping. Previously, they used a captive portal with no encryption, meaning anyone could sniff traffic. With WPA3, they enabled OWE (Opportunistic Wireless Encryption). Now, even without a password, the traffic between the client and AP is encrypted using Diffie-Hellman key exchange. However, OWE does not authenticate the client, so the network is still open to anyone. The shop also enabled a separate WPA2-PSK network for employees. The exam may test OWE as a feature of WPA3 that encrypts open networks.
220-1102 Objective 2.4: Compare and contrast wireless security protocols and authentication methods.
What the exam tests:
- You must be able to identify which encryption standard is in use based on a description (e.g., "uses TKIP and RC4" = WPA).
- You must know the key lengths: WEP 64/128-bit, WPA/TKIP 128-bit, WPA2-AES 128-bit, WPA3-AES 128/256-bit.
- You must know the attack vectors: WEP (IV reuse), WPA (MIC forgery), WPA2 (KRACK, dictionary attacks), WPA3 (Dragonblood side-channel).
- You must know the authentication methods: PSK (Personal) vs. 802.1X (Enterprise).
- You must know that WPA3 introduces SAE and OWE.
Common wrong answers and why candidates choose them:
1. "WPA uses AES" – Candidates confuse WPA with WPA2. WPA uses TKIP/RC4, not AES. WPA2 uses AES-CCMP. This is a very common trap.
2. "WEP uses 128-bit encryption" – While 128-bit WEP exists, the key is only 104 bits plus a 24-bit IV. The exam may ask for the effective key length. Many candidates think 128-bit means the key is 128 bits.
3. "WPA2-PSK is vulnerable to offline dictionary attacks because the handshake can be captured" – This is true, but candidates may think only WPA3 prevents this. WPA2-PSK is indeed vulnerable; WPA3-Personal (SAE) prevents offline dictionary attacks.
4. "WPA3 uses AES-CCMP" – WPA3 uses AES-GCMP, not CCMP. CCMP is used by WPA2. The 'G' stands for Galois, which is more efficient.
5. "WPA2-Enterprise uses a pre-shared key" – This is false; Enterprise uses 802.1X and a RADIUS server. Personal uses PSK.
Specific numbers and terms that appear verbatim:
- "24-bit IV" for WEP
- "TKIP" and "RC4" for WPA
- "AES-CCMP" for WPA2
- "SAE" and "AES-GCMP" for WPA3
- "4-way handshake" for WPA2
- "KRACK" vulnerability
- "Forward secrecy" for WPA3
- "OWE" for open networks
Edge cases:
- Mixed mode (WPA2/WPA3 transition) is less secure because an attacker can force a downgrade to WPA2.
- WPA3-Enterprise with the 192-bit minimum security suite is optional; not all WPA3 devices support it.
- Some older devices may not support WPA3; they require WPA2 or even WPA.
How to eliminate wrong answers:
- If the question mentions "RC4" or "TKIP", it cannot be WPA2 or WPA3. Eliminate those.
- If the question mentions "capturing the handshake to crack the password", it describes WPA2-PSK, not WPA3.
- If the question mentions "open network encryption", it is OWE (WPA3).
- If the question mentions "dictionary attack", WPA3-Personal is resistant; WPA2-Personal is not.
WEP uses RC4 with a 24-bit IV and CRC-32 integrity; it is completely broken and deprecated.
WPA uses TKIP/RC4 with a 48-bit IV and Michael MIC; it is deprecated due to vulnerabilities.
WPA2 uses AES-CCMP with a 128-bit key; it is currently the minimum acceptable standard.
WPA3 uses AES-GCMP with SAE authentication; it provides forward secrecy and resists offline dictionary attacks.
WPA2-Personal is vulnerable to offline dictionary attacks via captured 4-way handshake; WPA3-Personal is not.
WPA3-Enterprise offers 192-bit minimum security suite for high-security environments.
OWE (Opportunistic Wireless Encryption) is a WPA3 feature that encrypts open networks without authentication.
Always use WPA2-AES or WPA3; avoid WEP, WPA-TKIP, and mixed modes.
These come up on the exam all the time. Here's how to tell them apart.
WPA2-Personal
Uses PSK (Pre-Shared Key) for authentication.
Encryption: AES-CCMP (128-bit).
Vulnerable to offline dictionary attacks if handshake is captured.
Vulnerable to KRACK (Key Reinstallation Attack).
No forward secrecy: if PSK is compromised, past sessions can be decrypted.
WPA3-Personal
Uses SAE (Simultaneous Authentication of Equals) for authentication.
Encryption: AES-GCMP (128 or 256-bit).
Resistant to offline dictionary attacks due to SAE handshake.
Not vulnerable to KRACK.
Provides forward secrecy: past sessions remain secure even if password is compromised.
Mistake
WPA2 uses TKIP for encryption.
Correct
WPA2 uses CCMP with AES-128. TKIP is used by WPA, not WPA2. Some devices support WPA2 mixed mode that allows TKIP, but this is not standard WPA2 and is deprecated.
Mistake
WEP 128-bit encryption means the key is 128 bits long.
Correct
128-bit WEP uses a 104-bit key plus a 24-bit IV. The effective key length is 104 bits. The IV is transmitted in plaintext and reused, making the effective security much lower.
Mistake
WPA3 is completely secure and has no vulnerabilities.
Correct
WPA3 has vulnerabilities, notably the Dragonblood attacks that exploit timing side channels in SAE implementations. Additionally, transition mode (WPA3/WPA2) can be downgraded to WPA2.
Mistake
WPA2-Enterprise is more secure than WPA2-Personal because it uses a different encryption algorithm.
Correct
Both use the same encryption (AES-CCMP). The difference is authentication: Enterprise uses 802.1X with per-user credentials, while Personal uses a shared passphrase. Enterprise is generally more secure because it provides individual authentication and dynamic keys.
Mistake
WPA3-Personal uses a pre-shared key like WPA2-Personal.
Correct
WPA3-Personal uses SAE (Simultaneous Authentication of Equals), which is a password-authenticated key exchange. It does not transmit the password and provides forward secrecy. It is resistant to offline dictionary attacks, unlike WPA2-PSK.
Both use the same encryption (AES-CCMP). The difference is authentication: Personal uses a pre-shared key (PSK) that is the same for all clients, while Enterprise uses 802.1X with a RADIUS server, providing per-user credentials and dynamic key generation. Enterprise is more secure because credentials are unique per user and can be revoked individually. On the exam, if a scenario involves a business with many employees, Enterprise is the correct choice.
WEP has multiple flaws: it uses a static key that is shared among all clients; the initialization vector (IV) is only 24 bits and transmitted in plaintext, leading to IV reuse after about 5,000 packets; the CRC-32 integrity check is not cryptographic and can be forged; and the RC4 cipher has known weaknesses. Tools like aircrack-ng can crack WEP in minutes. The exam expects you to know that WEP should never be used.
KRACK (Key Reinstallation Attack) exploits the 4-way handshake of WPA2. An attacker forces a client to reinstall an already-used key, resetting the nonce and allowing packet replay and decryption. It affects both WPA2-Personal and WPA2-Enterprise. WPA3 is not vulnerable because it uses SAE, which does not have the same handshake. The exam may ask which standard is immune to KRACK.
TKIP (Temporal Key Integrity Protocol) is used by WPA and is based on RC4. It includes per-packet key mixing, a 48-bit IV, and Michael MIC. CCMP (Counter Mode CBC-MAC Protocol) is used by WPA2 and uses AES-128 for both encryption and integrity. CCMP is much stronger and is the standard for WPA2. The exam may ask which encryption protocol is used by WPA2.
SAE (Simultaneous Authentication of Equals) is the authentication method used in WPA3-Personal. It uses a password-authenticated key exchange based on the Dragonfly handshake. Unlike WPA2-PSK, which transmits a hash of the password in the 4-way handshake, SAE never exposes the password to the network. This prevents offline dictionary attacks. SAE also provides forward secrecy, so past session keys remain secure even if the password is later compromised.
Yes, through WPA3 transition mode, which allows both WPA2 and WPA3 devices to connect. However, this reduces security because an attacker can force a downgrade to WPA2. For maximum security, use WPA3-only mode if all devices support it. The exam may test that transition mode is less secure.
OWE (Opportunistic Wireless Encryption) is a WPA3 feature that encrypts traffic on open networks (networks without a password). It uses Diffie-Hellman key exchange to establish an encrypted connection between the client and AP. It does not authenticate the client, so the network remains open. OWE is ideal for public Wi-Fi hotspots where you want to protect users from eavesdropping but cannot require a password. The exam may ask which technology encrypts open networks.