2

Related: Are WPA2 connections with a shared key secure?

Is a public WPA3 network secure against eavesdropper who knows the password?

The specific use case would be a public WiFi using WPA3, but with a common password posted for everyone (including the hacker) to know. The question is if the users traffic is protected against sniffing or manipulation by an attacker which might passively sniff the WPA3 traffic (and maybe decrypt the traffic with the known password), but who might also be connected to the same WiFi (since the password is known).

Steffen Ullrich
  • 201,479
  • 30
  • 402
  • 465
zypA13510
  • 155
  • 8
  • Do you mean somebody passively sniffing the WPA3 traffic or someone which is actually connected to the WiFi network (since they know the key). And secure against what, i.e. what you want to have protected? – Steffen Ullrich Oct 05 '23 at 11:52
  • @SteffenUllrich AFAIK WPA2 secure against neither of the scenarios you mentioned. I'd like to know if WPA3 is any different. Example would be a coffee shop offering free WiFi with the password printed on the wall, and someone bringing a laptop to eavesdrop on other customers. – zypA13510 Oct 05 '23 at 12:00
  • 2
    I've extended your question with the context I've read from your comment. Please check if this is what you want to know. – Steffen Ullrich Oct 05 '23 at 12:46

1 Answers1

4

I am assuming you are talking about WPA3-Personal (WPA-SAE).

The good things:

  • adversaries should not be able to passively decrypt (present or past) communications even if they know the shared secret (which is an improvement over WPA-PSK);
  • adversaries who do not know the shared secret should not be able to impersonate the access point.

The bad things:

  • an adversary which has the shared secret can impersonate the access point (because after all it has the same information as the access point) i.e. by actively attacking the network it can decrypt/hijack the Wifi communications.

This problem can be solved by using WPA SAE-PK which associates a keypair to the access point. When using this scheme, the attacker should not be able to impersonate the access point unless it knows the private key of the access point as well.

The specific use case would be a public WiFi using WPA3, but with a common password posted for everyone (including the hacker) to know.

As explained above, this is not safe because the attacker can impersonate the access point. You could use WPA SAE-PK to solve this problem: in this case, you should be safe against cryptographic attacks (if all stations actually use WPA3-SAE-PK) however…

but who might also be connected to the same WiFi

As soon as the attacker can join the network, it might be able to trigger layer-2 attacks. You might want to check if your access point has protection against layer-2 attacks.

ysdx
  • 1,511
  • 9
  • 16
  • 1
    Just to clarify, does this mean the attack for WPA2 in the linked question (sniffing initial association packets) no longer works for WPA-SAE? – zypA13510 Oct 08 '23 at 05:02
  • 1
    @zypA13510, yes sniffing initial association packets (+ knowing the Wifi passphrase) won't let you decrypt the communications in WPA-SAE. This is because the SAE handshake is based on the DragonFly (see RFC7664) key exchange which roughly is based on a Diffie-Hellman key exchange authenticated with the Wifi passphrase. – ysdx Oct 08 '23 at 08:19
  • @zypA13510, fixed the typo – ysdx Oct 08 '23 at 08:26