wpa_supplicant

wpa_supplicant
	Screenshot of wpa_gui
Developer(s)	Jouni Malinen and others
Initial release	April 5, 2003
Stable release	2.11 / July 20, 2024; 2 months ago
Repository	w1.fi/hostap.git ;
Written in	C
Operating system	Cross-platform
Type	WLAN tools
License	BSD
Website	w1.fi/wpa_supplicant/

wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation)^[2] and Haiku.^[3] In addition to being a WPA3 and WPA2 supplicant, it also implements WPA and older wireless LAN security protocols.

Features

Features include:^[4]

WPA-PSK and WPA2-PSK ("WPA-Personal", pre-shared key)
WPA3^[5]
WPA with EAP ("WPA-Enterprise", for example with RADIUS authentication server)
RSN: PMKSA caching, pre-authentication
IEEE 802.11r
IEEE 802.11w
Wi-Fi Protected Setup (WPS)

Included with the supplicant are a GUI and a command-line utility for interacting with the running supplicant. From either of these interfaces it is possible to review a list of currently visible networks, select one of them, provide any additional security information needed to authenticate with the network (for example, a passphrase, or username and password) and add it to the preference list to enable automatic reconnection in the future.^[6]

The graphical user interface is built on top of the Qt library.

wpa_supplicant can authenticate with any of the following EAP (Extensible Authentication Protocol) methods: EAP-TLS, EAP-PEAP (both PEAPv0 and PEAPv1), EAP-TTLS, EAP-SIM, EAP-AKA, EAP-AKA', EAP-pwd, EAP-EKE, EAP-PSK (experimental), EAP-FAST, EAP-PAX, EAP-SAKE, EAP-GPSK, EAP-IKEv2, EAP-MD5, EAP-MSCHAPv2, and LEAP (requires special functions in the driver).^[6]

Vulnerability to KRACK

wpa_supplicant was especially susceptible to KRACK, as it can be manipulated to install an all-zeros encryption key, effectively nullifying WPA2 protection in a man-in-the-middle attack.^[7] Version 2.7 fixed KRACK and several other vulnerabilities.

References

^ "Index of /releases". w1.fi. 2024-07-20. Retrieved 2024-09-19.
^ "wpa_supplicant". Retrieved 2020-09-03.
^ haiku/wpa_supplicant, Haiku, 2019-03-17, retrieved 2020-03-07
^ "wpa_supplicant(8) - Linux man page". Retrieved 2020-03-07.
^ "wpa_supplicant". wiki.archlinux.org. Retrieved 2021-05-18.
^ ^a ^b "Linux WPA Supplicant (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)". w1.fi. Retrieved 2014-07-04.
^ "Key Reinstallation Attacks disclosure website". KRACK Attacks. Retrieved 26 September 2018. Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake.

External links

[1] "Index of /releases". w1.fi. 2024-07-20. Retrieved 2024-09-19.

[2] "wpa_supplicant". Retrieved 2020-09-03.

[3] haiku/wpa_supplicant, Haiku, 2019-03-17, retrieved 2020-03-07

[4] "wpa_supplicant(8) - Linux man page". Retrieved 2020-03-07.

[5] "wpa_supplicant". wiki.archlinux.org. Retrieved 2021-05-18.

[features-6] "Linux WPA Supplicant (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)". w1.fi. Retrieved 2014-07-04.

[Paper-7] "Key Reinstallation Attacks disclosure website". KRACK Attacks. Retrieved 26 September 2018. Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Features

Vulnerability to KRACK

See also

References

External links