- WPA3-SAE: SAE stands for Simultaneous Authentication of Equals. It is a more secure mechanism than the earlier WPA2-PSK [1].
- This relies on 3 fundamental components:
  - DH (Diffie-Hellman key exchange) - Helps to generate a common shared key between the two WiFi entities, e.g. station and client.
  - ECC (elliptic-curve cryptography) - An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys than non-EC cryptography (based on plain Galois fields) while providing equivalent security [2]. ECC is used once a common pairwise key is generated using the DH key exchange.
  - Dragonfly key exchange - A mechanism for key exchange using discrete logarithm cryptography [3]. It is used with the two components above to set up SAE. See the reference for details on how it is set up [3]; it is also covered in RFC 7664.
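
The Dragonfly commit/confirm exchange from RFC 7664, sketched over a finite-field group with both peers in one process. This is an added example, not code from the original post or from any WPA3 implementation. Assumptions: the toy group, the `H` helper, the `sta`/`ap` identities and the passwords are constructed here, and the password-element hunt and key derivation are simplified from the RFC.

```python
import hashlib, secrets
def is_prime(n):  # trial division, fine for the toy sizes used here
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Toy group built for this example (far too small for real use): P = 2*Q + 1
# with P and Q prime, so the squares mod P form a subgroup of prime order Q.
Q = next(q for q in range(2 ** 31, 2 ** 32) if is_prime(q) and is_prime(2 * q + 1))
P = 2 * Q + 1

def H(*parts):
    """SHA-256 over length-prefixed parts, as an int (stand-in for the RFC's H and KDF)."""
    data = b"".join(len(s).to_bytes(4, "big") + s for s in (str(p).encode() for p in parts))
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def password_element(id_a, id_b, password):
    """Hunting-and-pecking, simplified: hash until we hit an element of order Q."""
    for counter in range(1, 256):
        seed = H(max(id_a, id_b), min(id_a, id_b), password, counter)
        pe = pow(seed % P, (P - 1) // Q, P)
        if pe > 1:
            return pe
    raise RuntimeError("no password element found")

class Peer:
    def __init__(self, me, other, password):
        self.me, self.other = me, other
        self.pe = password_element(me, other, password)
        self.scalar = 0
        while self.scalar < 2:  # RFC 7664: discard and retry if scalar < 2
            self.private = secrets.randbelow(Q - 2) + 2
            mask = secrets.randbelow(Q - 2) + 2
            self.scalar = (self.private + mask) % Q
        self.element = pow(pow(self.pe, mask, P), -1, P)  # inverse(PE^mask)

    def confirm(self, peer_scalar, peer_element):
        """Validate the peer's commit, derive the secret, return our confirm tag."""
        if not (1 < peer_scalar < Q and 1 < peer_element < P and pow(peer_element, Q, P) == 1):
            raise ValueError("invalid commit")
        if (peer_scalar, peer_element) == (self.scalar, self.element):
            raise ValueError("reflected commit")
        ss = pow(pow(self.pe, peer_scalar, P) * peer_element % P, self.private, P)
        self.expect = H(ss, peer_scalar, self.scalar, peer_element, self.element, self.other)
        return H(ss, self.scalar, peer_scalar, self.element, peer_element, self.me)

def handshake(pw_sta, pw_ap):
    """Run commit and confirm between two peers; True only if both tags verify."""
    sta, ap = Peer("sta", "ap", pw_sta), Peer("ap", "sta", pw_ap)
    tag_sta, tag_ap = sta.confirm(ap.scalar, ap.element), ap.confirm(sta.scalar, sta.element)
    return tag_sta == ap.expect and tag_ap == sta.expect
```

Neither commit message reveals the password or the private value: the mask blinds both the scalar and the element, and only a peer holding the same password element arrives at the same secret.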
Reference: