 | This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (July 2014) (Learn how and when to remove this message) |
 Screenshot of wpa_gui | |
| Developer(s) | Jouni Malinen and others |
|---|---|
| Initial release | April 5, 2003 (2003-04-05) |
| Stable release | 2.11 / July 20, 2024; 5 months ago (2024-07-20) |
| Repository | |
| Written in | C |
| Operating system | Cross-platform |
| Type | WLAN tools |
| License | BSD |
| Website | w1 |
wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku. In addition to being a WPA3 and WPA2 supplicant, it also implements WPA and older wireless LAN security protocols.
Features
Features include:
- WPA-PSK and WPA2-PSK ("WPA-Personal", pre-shared key)
- WPA3
- WPA with EAP ("WPA-Enterprise", for example with RADIUS authentication server)
- RSN: PMKSA caching, pre-authentication
- IEEE 802.11r
- IEEE 802.11w
- Wi-Fi Protected Setup (WPS)
Included with the supplicant are a GUI and a command-line utility for interacting with the running supplicant. From either of these interfaces it is possible to review a list of currently visible networks, select one of them, provide any additional security information needed to authenticate with the network (for example, a passphrase, or username and password) and add it to the preference list to enable automatic reconnection in the future.
The graphical user interface is built on top of the Qt library.
wpa_supplicant can authenticate with any of the following EAP (Extensible Authentication Protocol) methods: EAP-TLS, EAP-PEAP (both PEAPv0 and PEAPv1), EAP-TTLS, EAP-SIM, EAP-AKA, EAP-AKA', EAP-pwd, EAP-EKE, EAP-PSK (experimental), EAP-FAST, EAP-PAX, EAP-SAKE, EAP-GPSK, EAP-IKEv2, EAP-MD5, EAP-MSCHAPv2, and LEAP (requires special functions in the driver).
Vulnerability to KRACK
wpa_supplicant was especially susceptible to KRACK, as it can be manipulated to install an all-zeros encryption key, effectively nullifying WPA2 protection in a man-in-the-middle attack. Version 2.7 fixed KRACK and several other vulnerabilities.
See also
References
- "Index of /releases". w1.fi. 2024-07-20. Retrieved 2024-09-19.
- "wpa_supplicant". Retrieved 2020-09-03.
- haiku/wpa_supplicant, Haiku, 2019-03-17, retrieved 2020-03-07
- "wpa_supplicant(8) - Linux man page". Retrieved 2020-03-07.
- "wpa_supplicant". wiki.archlinux.org. Retrieved 2021-05-18.
- ^ "Linux WPA Supplicant (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)". w1.fi. Retrieved 2014-07-04.
- "Key Reinstallation Attacks disclosure website". KRACK Attacks. Retrieved 26 September 2018.
Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake.