1

I'm running a small, low power web server chip which creates a Wi-Fi access point using WPA2-PSK AES encryption. This chip is never connected to the public Internet or any other network. A client device may connect to this access point and receive HTTP pages. This is basically like connecting to your router's configuration pages, but the router is not connected to anything else.

My question is, since the only connection is already using WPA2, would using HTTPS instead of HTTP within that connection provide any additional level of security that I'm not already getting with WPA2?

user169301

2 Answers

1

It would definitely add an additional level of security that would keep communications confidential if your WPA pre-shared key is leaked.
Check this: Can other people on an encrypted Wi-Fi AP see what you're doing?

"So if you know the PSK for the network, and your sniffer catches the "4-way handshake" another client does with the AP as it joins, you can decrypt all of that client's traffic. If you didn't happen to capture that client's 4-way handshake, you can send a spoofed de-authenticate packet to the target client (spoofing it to make it look like it came from the AP's MAC address), forcing the client to fall off the network and get back on, so you can capture its 4-way handshake this time, and decrypt all further traffic to/from that client."

jonna_983
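
The quoted passage in this answer rests on how WPA2-PSK derives its per-client key: every input other than the passphrase (SSID, MAC addresses, both nonces) is sent unencrypted in the 4-way handshake. The following is an added example, not part of the original answer, and its SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: concatenated HMAC-SHA1 blocks with a trailing counter byte."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def temporal_key(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """Derive the 384-bit CCMP PTK and return its last 16 bytes, the TK that
    encrypts unicast data frames (bytes 0-15 are the KCK, 16-31 the KEK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[32:48]

# Constructed sample values (not taken from a real capture).
SSID, PSK = "example-ap", "correct horse battery"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()

def demo():
    """Return (same_psk_matches, different_psk_matches) for the client's TK."""
    client_tk = temporal_key(pmk_from_psk(PSK, SSID),
                             AP_MAC, STA_MAC, ANONCE, SNONCE)
    # A second device that was given the same passphrase computes the same PMK,
    # and the remaining inputs are public, so it arrives at the same TK.
    other_tk = temporal_key(pmk_from_psk(PSK, SSID),
                            AP_MAC, STA_MAC, ANONCE, SNONCE)
    # Without the passphrase the public handshake values are not enough.
    wrong_tk = temporal_key(pmk_from_psk("some other passphrase", SSID),
                            AP_MAC, STA_MAC, ANONCE, SNONCE)
    return client_tk == other_tk, client_tk == wrong_tk

if __name__ == "__main__":
    print(demo())
```

A TLS session key is negotiated between the browser and the server and cannot be computed from the Wi-Fi passphrase, which is why HTTPS keeps the page contents confidential from other holders of the PSK.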
0

HTTPS could add security to the communication channel, especially when your WPA2 devices are susceptible to KRACK.

Andy