Encrypted WiFi with no password?

28

8

Is there any standard that allows a WiFi connection to be encrypted, but not require a password?

I know that (old, weak) WEP, and newer WPA/WPA2 require a password (i.e. shared secret). Meanwhile my own wireless connections are "open", and therefore unencrypted.

There is no technical reason why I can't have an encrypted link that doesn't require the user to enter any password. Such technology exists today (see public key encryption and HTTPS).

But does such a standard exist for WiFi?

Note: I only want to protect communications, not limit internet access.

I get the sense that no such standard exists (since I'm pretty capable with Google), but I'd like it confirmed.

Clarification: I want to protect communications, not limit internet access. That means users are not required to have a password (or its moral equivalent). This means users are not required:

In other words: it has the same accessibility as before, but is now encrypted.

Ian Boyd

Posted 2012-04-15T15:38:46.487

Reputation: 18 244

Yes, it's only to the AP. Yet it's extremely important. Even if everybody uses https (which does not yet happen), sniffing can be used for several attack vectors. I'm very much interested in some practical and reliable solution here and I would love to see it implemented in public networks that currently rely on WEP instead. – Ivan Anishchuk – 2017-09-18T10:46:11.160

I might be wrong as I am not that network savvy, but isn't the encryption used in WPA et al only between computer and access point? And wouldn't that mean that any computer being able to access the network without password, being able to sniff the network as a whole, making the wireless encryption moot? – erikxiv – 2012-04-15T19:26:39.493

@erikxiv You would only be able to sniff packets sent to you (either directly to your address, or broadcast to everyone). Think of it like a wired network, where my laptop is wirely connecting to the hub, rather than wirelessly. – Ian Boyd – 2012-04-16T00:12:54.010

Answers

4

Here's a crazy idea - put the password in the SSID. An SSID can be up to 32 characters long, which is plenty of space to both describe your network and communicate the password, as long as you're reasonably creative.

My Free Wifi "Password123"

j__m

Posted 2012-04-15T15:38:46.487

Reputation: 151

This is, by far, the only universal solution that works everywhere. Yet not the most convenient one, just like printing passwords and putting them up in visible places. Importantly, you can't expect users to also do additional http-based auth if connecting takes more than one tap. – Ivan Anishchuk – 2017-09-18T10:39:52.383
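As an added example (not code from the answer above or from any project), this Python sketch checks that an SSID carrying its own passphrase fits the 32-byte limit and derives the WPA2-Personal master key from it. The quoted-passphrase convention and the function names are assumptions of the example; it shows that every device in range computes the same key from the broadcast name alone.

```python
import hashlib
import re

MAX_SSID_BYTES = 32            # SSID length limit mentioned in the answer
PASSPHRASE_LEN = range(8, 64)  # WPA/WPA2-Personal passphrase: 8..63 printable ASCII


def embedded_passphrase(ssid: str) -> str:
    """Return the double-quoted passphrase carried inside an SSID.

    The quoting convention follows the answer's sample SSID; it is an
    assumption of this example, not part of any standard.
    """
    if len(ssid.encode("utf-8")) > MAX_SSID_BYTES:
        raise ValueError("SSID exceeds 32 bytes and cannot be broadcast")
    match = re.search(r'"([^"]*)"', ssid)
    if match is None:
        raise ValueError("no quoted passphrase found in SSID")
    passphrase = match.group(1)
    if len(passphrase) not in PASSPHRASE_LEN:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    return passphrase


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def pmk_from_beacon(ssid: str) -> bytes:
    """The key any device in range can compute from the broadcast SSID alone."""
    return wpa2_pmk(embedded_passphrase(ssid), ssid)


if __name__ == "__main__":
    ssid = 'My Free Wifi "Password123"'  # sample SSID from the answer
    print(len(ssid.encode("utf-8")), "bytes, passphrase:", embedded_passphrase(ssid))
    print("PMK:", pmk_from_beacon(ssid).hex())
```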

3

For a no-password setup, try WPS (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup). This will allow your network to be encrypted with WPA(2) without the hassle of passwords or PIN codes. OK, small lie: there is still a password (a requirement for WPA encryption); however, users never need to know the password.

When used correctly WPS is a lot like pairing Bluetooth devices together. One button press will pair the computer with the wireless router.

WPS is supported by Windows XP+, Linux, and Mac. WPS is supported on any router that has the Wi-Fi Alliance Certification sticker on the box (any modern router that costs more than $20 will have this).

So basically the security is not within the key itself, but within the ability to have physical access to the router.

EDIT: Clarifying point of Max Nanasy

There are two types of WPS: PIN code security and hardware security. Max Nanasy, you are referring to the PIN code brute-force method. I myself have cracked networks with this brute-force attack. However, this method only works when the PIN code ability is turned on. WPS can be used without the PIN code. I have found that, depending on the router, the WPS PIN code exploit is useless. For example, all modern D-Link routers will disable WPS PIN authorization (until an administrator re-enables it) after ~10 failed PIN codes.

Hardware security as I talked about above requires a cracker to have access to the hardware of the router (and if a person has that, they can do anything, i.e. get your Windows passwords, house security passcodes, etc.).

Mark Lopez

Posted 2012-04-15T15:38:46.487

Reputation: 925

"Hacking" mostly means retrieving the key or getting access to the network. And OP specifically asked about public networks without any access control. – Ivan Anishchuk – 2017-09-18T10:41:40.730

What I'm interested in: is there a practical way to use WPS that looks just like using an unencrypted network: select the network, your phone does something, and you are connected. No pin or button or anything. – Ivan Anishchuk – 2017-09-18T10:43:17.583

The Wikipedia article you link to says "WPS has been shown to easily fall to brute-force attacks", "A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature", and "Users have been urged to turn off the WPS feature". – Max Nanasy – 2013-08-02T07:07:00.740

2

To my knowledge only workarounds exist, such as giving the password away via SSID or other means, or having an empty password. That way the communication can still be secure (depending on the configuration).

Tim

Posted 2012-04-15T15:38:46.487

Reputation: 1 642

1

You can use WPA-802.1X (often called "WPA-Enterprise") with various EAP versions, some of which (EAP-TLS, EAP-IKEv2) work using X.509 or similar asymmetric keypairs.

user1686

Posted 2012-04-15T15:38:46.487

Reputation: 283 655

Can any version of EAP just give away passwords to whoever asks? – Ivan Anishchuk – 2017-09-18T10:37:21.230

I assume that still means the connecting party has to have pre-knowledge of the public key tho, no? – Garrett – 2012-04-15T17:19:31.713