SAE
E453434
SAE (Simultaneous Authentication of Equals) is a secure password-based authentication and key exchange protocol used in modern Wi‑Fi networks, notably as the basis for WPA3’s improved handshake mechanism.
Statements (43)
| Predicate | Object |
|---|---|
| instanceOf | authentication protocol; password-authenticated key exchange protocol |
| associatedWith | WPA3-Personal security mode |
| authenticationType | password-based |
| basisFor | WPA3 handshake mechanism |
| category | Wi‑Fi security technology; network security protocol |
| definedIn | IEEE 802.11 standard; IEEE 802.11-2016 and later amendments |
| deployedSince | around 2018 with WPA3 introduction |
| designGoal | improve security of Wi‑Fi personal networks over WPA2-PSK; limit information leaked about the password in each handshake; provide cryptographic binding between password and session key |
| fullName | Simultaneous Authentication of Equals |
| improvesOver | WPA2-PSK in resistance to offline attacks |
| keyExchangeType | authenticated key exchange |
| messageFlow | two-message commit/confirm exchange per side |
| negotiates | Pairwise Master Key (PMK) in WPA3 |
| notUsedFor | WPA3-Enterprise primary authentication |
| operatesAtLayer | data link layer (IEEE 802.11 MAC) |
| provides | session keys for subsequent data encryption |
| replaces | WPA2 4‑way handshake in WPA3-Personal |
| requires | shared password between client and access point |
| requiresMitigation | implementation-side protections against side-channel attacks |
| roleInWPA3 | primary authentication and key establishment method for WPA3-Personal; replaces pre-shared key (PSK) handshake with PAKE-based handshake |
| securityProperty | forward secrecy; mutual authentication; protection against key compromise impersonation in many settings; resistance to offline dictionary attacks; resistance to passive eavesdropping |
| standardBody | IEEE |
| standardizedAs | Dragonfly handshake in IEEE 802.11 |
| supports | protection against offline password guessing when passwords have sufficient entropy |
| usedBy | Wi‑Fi access points; Wi‑Fi client devices |
| usedIn | Wi‑Fi networks |
| usedInStandard | WPA3 |
| uses | Diffie–Hellman key exchange; elliptic-curve Diffie–Hellman (ECDH) in common deployments; password-based key derivation |
| usesConcept | Dragonfly PAKE |
| vulnerableTo | online guessing attacks if rate limiting is not enforced |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.