The WPA/WPA2 standards describe two methods of user authentication:
- 802.1X EAP/EAPOL mechanism
- Pre-Shared Key (EAPOL) mechanism
Both of these mechanisms authenticate the user and also generate a set of encryption keys that can be used for data security. WLAN association and authentication can be broken into three phases:
- The WLAN station and the access point associate with one another and determine whether the authentication mechanism used is Pre-Shared Key or 802.1X.
- The chosen authentication mechanism creates a “Master Key” at the end of phase 2.
- The Master Key is used in a 4-way handshake, termed the EAPOL handshake, to obtain the temporal keys for data encryption at the end of phase 3.
The following articles describe the Association, 802.1X and Pre-Shared Key mechanisms used to generate a Master Key, and the 4-way EAPOL handshake.