9

As I understand WiFi with a PSK, such as WPA(2)-PSK or WEP, anyone on the same network can decrypt anyone elses packets because everybody has the same key.

In which case, if you are not going to implement TKIP and want to have a free and open network, is there any benefit to implementing a PSK over an unsecured network?

AviD
  • 72,138
  • 22
  • 136
  • 218
Sonny Ordell
  • 3,476
  • 9
  • 33
  • 56
  • Could you better specify what it is you want to compare? You mention Open, WPA2-PSK, WEP, and TKIP configurations. Which options are you actually considering? Benefits vary greatly depending on implementations. – Iszi Jun 08 '11 at 22:40
  • Maybe not exact dulpicate, but probably relevant: http://security.stackexchange.com/q/2214/953 – Iszi Jun 08 '11 at 22:51
  • @Iszi, not wanting to compare anything...lumping WEP and WPA(2)-PSK together because they all use a PSK, and asking if the only security benefit is to keep of unwanted guests, and no advantage from a privacy standpoint. – Sonny Ordell Jun 08 '11 at 23:18
  • I wouldn't recommend lumping WEP and WPA2 together. They are different protocols with different properties. (For instance, WEP is horribly broken for every security property I can think of, but that's not true of WPA2.) – D.W. Jun 10 '11 at 04:06

2 Answers2

13

As I understand it, there is a benefit. WPA2 will generate a different session key for each association. That means that each node will still have its own encryption key. Without capturing the all four packets at the start of a session, a session cannot be decrypted. See Wireshark's documentation on this matter.

That benefit is limited, however. Attackers can force disassociation and anybody capturing a full association will be capable of decrypting everything from there forward.

Edit: It was suggested that I also point out "Hole 196" to you, which affects both PSK and enterprise authentication.

Jeff Ferland
  • 38,090
  • 9
  • 93
  • 171
  • 1
    Just to clarify, "Hole 196" is an insider attack. If you have a 'free and open network' you could be quite exposed to "Hole 196". I would be remiss not to mention that an open WiFi is subject to [Federal Agent attack](http://news.yahoo.com/s/ap/20110424/ap_on_hi_te/us_wi_fi_warning). – this.josh Jun 08 '11 at 22:20
  • @Thanks for the info. I was sure that with a PSK everybody could read each others packets, which helped Firesheep to be such a scare. – Sonny Ordell Jun 08 '11 at 23:19
  • @John, is this only true for WPA2? What about WEP? – Sonny Ordell Jun 11 '11 at 12:16
  • "Hole 196" is a hole only if you have insane expectations for an "open" thing. – curiousguy May 16 '12 at 02:16
1

Is there any benefit to using WPA2-PSK instead of an unencrypted network? Oh yeah, you better believe it! There sure is. There's a massive benefit: anyone who is not authorized to use the network cannot eavesdrop on connections, send packets over the network, or modify packets sent over the network. That's huge!

Look at it another way: There might 100 authorized users, and approximately 5 billion unauthorized users; narrowing down the number of people who can attack your connections from about 5 billion to about 100 is a significant win, particularly if you can control who those 100 are.

(If that's not the question you were asking, please edit the question to clarify what you were asking.)

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • I asked if there was any benefit *aside* from denying unauthorized users access. To put it another way, is there any security advantage to protect authorized users from malicious authorized users who wants to eavesdrop. – Sonny Ordell Jun 09 '11 at 09:51
  • @Sonny, oops, sorry for misunderstanding the question. My fault. – D.W. Jun 10 '11 at 04:07