What security benefit does WPA3 provide to guard against offline brute-force attacks?

WPA3 offers significant improvements over its predecessor, particularly in securing Wi-Fi networks against offline brute-force attacks through the use of Simultaneous Authentication of Equals (SAE). SAE is a password-based authentication method that replaces the traditional Pre-Shared Key (PSK) process used in WPA2.

The key advantage of SAE is that it incorporates a unique authentication process for each connection attempt, which means it generates a specific key based on the password and the corresponding peer's identity. This method effectively prevents attackers from capturing the hashed password and running offline brute-force attacks, as they cannot guess the password without being actively involved in the connection process. Thus, even if an attacker manages to capture the handshake during the authentication process, they would still be unable to quickly test multiple password combinations without a live connection attempt.

In contrast, the other options do not directly address offline brute-force attack protection. Advanced encryption standards focus on data security during transmission rather than on the authentication process itself. Disabling SSID broadcast helps to obscure the network but does not provide any intrinsic protection against brute-force attacks. Enhanced MAC address filtering can assist in controlling device access to the network but does not add a layer of security against offline password guessing attempts.