7

When connecting to a public Wifi from a café for example, some don't use a password and some do. If they do use a password it is often publicly known to everybody around.

Does having a password on the network, even though it is publicly known, make it more secure? Secure in the sense that it is harder for others to know what you are doing?

Or do these things depend more on type of Wifi (WEP/WPA), strength of the password, or using SSL?

Lode
  • 173
  • 5
  • 3
    possible duplicate of [Are WPA2 connections with a shared key secure?](http://security.stackexchange.com/questions/8591/are-wpa2-connections-with-a-shared-key-secure), and of [Free wifi password protection impact on security](http://security.stackexchange.com/questions/2214/free-wifi-password-protection-impact-on-security) – Jeff Ferland Dec 05 '11 at 21:01

1 Answers1

6

In a way, yes. If the key is publicly known then it would be trivial to connect to the network but to see what others are doing, the data would have to be captured and then decrypted using the known key versus simply flying around over the air in plain-text as in the case of no password. It is still not secure but then security is just a collection of steps to make the attacker's goal more difficult right?

P.S. don't do anything private from a cafe to begin with - you can't even be sure you're not connecting to someone else's 'fake' hotspot and in that case, not even your SSL sessions are safe.

Paul Ackerman
  • 466
  • 2
  • 5
  • 3
    If you are connecting somewhere that you have a previously established known trust relationship with (for example, to a corporate VPN, or a SSH server with a known good host key) and work through that, I don't see how doing something "private" using a publicly available wireless network would inherently be more risky than doing it anywhere else. Would you please clarify that part? – user Dec 06 '11 at 10:43
  • I was speaking about eavesdropping on SSL via MITM. If you (and your users) are diligent about verifying certificates, the session would be safe but I could still see where you're going and such and might attempt to gain access to your workstation itself given an establish VPN link to your corporate network... just depends on how paranoid you are. – Paul Ackerman Dec 06 '11 at 14:11