Four-Way Handshake
4-Way Handshake Definition
A 4-way handshake (or “four-way handshake”) is a Wi-Fi security process that runs when a device joins a protected wireless network. Its purpose is to confirm that both the device and the access point (router) know the correct Wi-Fi password, without ever sending it over the air.
This step is part of the WPA, WPA2, and WPA3 security standards, which define how authentication and encryption work on wireless networks. After verifying the shared secret, the 4-way handshake activates encryption between the device and the router, so the data can be securely transferred.
How the 4-Way Handshake Works
The 4-way handshake process begins when the router sends the device a random one-time value called a nonce. This value is unique to that connection and helps prevent replay attacks.
Next, the device combines the Wi-Fi password (or 802.1X login credentials on enterprise networks), the nonce from the router, its own nonce, and both MAC addresses. This generates a temporary encryption key called the Pairwise Transient Key (PTK). The device then replies to the router with its nonce and a Message Integrity Code (MIC), which works like a digital seal proving nothing in the message was tampered with.
The router repeats the same calculations. If the device’s MIC matches, the router knows the device has the correct credentials. It sends back another key called the Group Temporal Key (GTK), which encrypts the traffic sent to all devices on the network.
Finally, the device installs both keys and sends a short confirmation message to the router. With that, the handshake is complete and full encryption begins. All data sent between the device and the router is now protected.
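The four messages described above, sketched for the WPA2-Personal (CCMP) case as an added example that is not part of the original page. It derives the PTK on both sides and checks the MICs the way the router and device do. Assumptions: the function names, SSID, MAC addresses, passphrases and frame bodies are constructed stand-ins for real EAPOL-Key frames, and the GTK key wrap in message 3 is omitted.

```python
import hashlib, hmac, os

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PRF over both MACs and both nonces; each pair is sorted so both sides agree
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):  # three 20-byte HMAC-SHA1 outputs cover the 48 bytes needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:48]  # KCK (16 bytes) | KEK (16 bytes) | TK (16 bytes)

def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    # MIC = HMAC-SHA1 keyed with the KCK (first 16 bytes of the PTK), truncated to 16 bytes
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def run_handshake(ap_passphrase: str, sta_passphrase: str, ssid: str = "ExampleNet") -> bool:
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
    # Message 1: router -> device, carries the router's nonce (ANonce)
    anonce = os.urandom(32)
    # Message 2: device derives the PTK, replies with its nonce (SNonce) and a MIC
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(pmk_from_passphrase(sta_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    msg2 = b"constructed-msg2|" + snonce
    msg2_mic = eapol_mic(sta_ptk, msg2)
    # Router repeats the calculation and checks the device's MIC in constant time
    ap_ptk = derive_ptk(pmk_from_passphrase(ap_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(eapol_mic(ap_ptk, msg2), msg2_mic):
        return False  # credentials differ, so the router abandons the handshake
    # Message 3: router -> device, MIC-protected (a real frame also carries the GTK)
    msg3 = b"constructed-msg3|" + anonce
    msg3_mic = eapol_mic(ap_ptk, msg3)
    if not hmac.compare_digest(eapol_mic(sta_ptk, msg3), msg3_mic):
        return False
    # Message 4: device confirms; both sides now hold the same temporal key (TK)
    return ap_ptk[32:48] == sta_ptk[32:48]

if __name__ == "__main__":
    print("matching passphrase:", run_handshake("correct horse battery", "correct horse battery"))
    print("wrong passphrase:   ", run_handshake("correct horse battery", "not the password"))
```

The passphrase only ever enters the PBKDF2 step; what crosses the air in this sketch is the nonces, the frame bodies and the MICs.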
FAQ
The 4-way handshake itself doesn’t close a connection; it establishes a secure one. Once the handshake finishes, the device and the Wi-Fi router start exchanging encrypted data. When the device disconnects or moves out of range, it ends the session, and the temporary encryption keys created during the handshake are deleted. This prevents anyone from reusing them to decrypt past traffic.
A 4-way handshake timeout happens when one of the steps in the handshake doesn’t complete within a set time. This can happen if the Wi-Fi signal is weak, there’s interference, or the router or device fails to respond quickly enough. When a timeout happens, the connection fails to establish, and the device has to retry the handshake to reconnect.
A 3-way handshake is used to start a connection between two computers on the internet. The 4-way handshake is part of Wi-Fi security (WPA/WPA2/WPA3). Its role is to ensure that both the router and another device (computer, phone, etc.) have the same credentials. After that, it sets up encryption keys for wireless communication.
