
I want to ask why public WiFi is always open and cannot use encryption. For example, customers in a coffee shop can use WiFi without a password (i.e. no encryption). Why can't the WiFi router be configured with WPA2 encryption and a simple WPA2 password, so that it provides encryption? There must be reasons behind that which I'm unaware of. Please advise. Thanks!!

Jack
  • You can. But WPA2-PSK with a public password is almost the same as an open wifi from a security point of view. Even though it is encrypted in theory, pretty much anybody who knows the password can decrypt it. – nobody Oct 10 '21 at 03:23
  • They can, and it's quite common to find that coffee shop WiFi does come with a password. The problem is that it doesn't really help against any attacks in practice, in part due to how WPA2 PSK works, but also because many attacks you might be subject to on an untrusted network aren't anything to do with WiFi itself. If an attacker can connect to the WiFi network, they can perform ARP spoofing, DHCP spoofing, and/or DNS spoofing attacks to redirect your traffic through their device. The WiFi frames being encrypted in the air doesn't fix that. – Polynomial Oct 10 '21 at 14:21
  • With WPA2, each station device (client, like a phone/laptop) agrees a unique pairwise transient key (PTK) with the access point, and the PTK is used to encrypt and authenticate the 802.11 frames over the air. When using pre-shared key (PSK) authentication - i.e. password auth, aka. WPA2 Personal - an attacker who knows the PSK can use a promiscuous-mode WiFi card to capture the handshake when a station first connects to the AP, and recover the PTK from it in order to passively decrypt traffic. But this is much more annoying for an attacker than just using ARP/DHCP/DNS spoofing tricks. – Polynomial Oct 10 '21 at 14:35
  • Wonder if OWE would be worth discussing, since none of the duplicate's answers mention it. – multithr3at3d Oct 10 '21 at 14:39
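
The WPA2-PSK key derivation mentioned in the comments above, as an added example that is not part of the original thread: every input to the PTK other than the passphrase (both MAC addresses and both nonces) is sent unencrypted during the 4-way handshake, so a posted passphrase gives customers no isolation from each other. The SSID, passphrase, MACs and nonces are constructed sample values, and a 48-byte CCMP PTK is assumed.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"

# Constructed sample values (not from a real network or capture)
SSID = "CoffeeShop"
PASSPHRASE = "latte-2021"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()  # 32 bytes
SNONCE = hashlib.sha256(b"constructed snonce").digest()  # 32 bytes


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        msg = LABEL + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def split_ptk(ptk: bytes) -> dict:
    """CCMP layout: key confirmation key, key encryption key, temporal key."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def ptk_for(passphrase: str, snonce: bytes = SNONCE) -> bytes:
    """PTK as computed by any party that knows `passphrase` and the handshake values."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    return derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, snonce)


if __name__ == "__main__":
    station = ptk_for(PASSPHRASE)    # the connecting customer's own computation
    bystander = ptk_for(PASSPHRASE)  # anyone else who read the same posted password
    print("same temporal key:", split_ptk(station)["TK"] == split_ptk(bystander)["TK"])
```

The passphrase is the only secret input, which is why per-user credentials (WPA2-Enterprise) or a key exchange that does not depend on a shared secret (OWE, raised in the last comment) change the picture where a posted password does not.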

0 Answers