32

Is there any standard that allows a WiFi connection to be encrypted, but not require a password?

i know that (old, weak) WEP, and newer WPA/WPA2 require a password (i.e. shared secret). Meanwhile my own wireless connections are "open", and therefore unencrypted.

There is no technical reason why i can't have an encrypted link that doesn't require the user to enter any password. Such technology exists today (see public key encryption and HTTPS).

But does such a standard exist for WiFi?

Note: i only want to protect communications, not limit internet access.

i get the sense that no such standard exists (since i'm pretty capable with Google), but i'd like it confirmed.

Clarification: i want to protect communications, not limit internet access. That means users are not required to have a password (or its moral equivalent). This means users are not required:

In other words: it has the same accessibility as before, but is now encrypted.

Twelve Years Later

The answer is to use the same encryption on wireless ethernet as you use on wired ethernet.

3
  • I might be wrong as I am not that network savvy, but isn't the encryption used in WPA et al only between computer and access point? And wouldn't that mean that any computer being able to access the network without password, being able to sniff the network as a whole, making the wireless encryption moot?
    – erikxiv
    Commented Apr 15, 2012 at 19:26
  • @erikxiv You would only be able to sniff packets sent to you (either directly to your address, or broadcast to everyone). Think of it like a wired network, where my laptop is wirely connecting to the hub, rather than wirelessly.
    – Ian Boyd
    Commented Apr 16, 2012 at 0:12
  • Yes, it's only to the AP. Yet it's extremely important. Even if everybody uses https (which does not yet happen), sniffing can be used for several attack vectors. I'm very much interested in some practical and reliable solution here and I would love to see it implemented in public networks that currently rely on WEP instead. Commented Sep 18, 2017 at 10:46

4 Answers

5

Here's a crazy idea - put the password in the SSID. An SSID can be up to 32 characters long, which is plenty of space to both describe your network and communicate the password, as long as you're reasonably creative.

My Free Wifi "Password123"

1
  • This is, by far, the only universal solution that works everywhere. Yet not the most convenient one, just like printing passwords and putting them up in visible places. Importantly, you can't expect users to also do additional http-based auth if connecting takes more than one tap. Commented Sep 18, 2017 at 10:39
3

For a no password setup, try WPS (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup). This will allow your network to be encrypted with WPA(2) without the hassle of passwords or pin codes. OK, small lie - there is still a password (a requirement for WPA encryption); however, users never need to know the password.

When used correctly WPS is a lot like pairing Bluetooth devices together. One button press will pair the computer with the wireless router.

WPS is supported by Windows XP+, Linux, and Mac. WPS is supported on any router that has the Wi-Fi Alliance Certification sticker on the box (any modern router that costs more than $20 will have this).

So basically the security is not within the key itself, but within the ability to have physical access to the router.

EDIT: Clarifying point of Max Nanasy

There are two types of WPS: pin code security and hardware security. Max Nanasy, you are referring to the pin code brute force method. I myself have cracked networks with this brute force attack. However, this method only works when the pin code ability is turned on. WPS can be used without the pin code. I have found that, depending on the router, the WPS pin code exploit is useless. For example, all modern D-Link routers will disable WPS pin authorization (until an administrator re-enables it) after ~10 failed pin codes.

Hardware security as I talked about above requires a cracker to have access to the hardware of the router (and if a person has that, they can do anything, i.e. get your Windows passwords, house security passcodes, etc.).

3
  • 2
    The Wikipedia article you link to says "WPS has been shown to easily fall to brute-force attacks", "A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature", and "Users have been urged to turn off the WPS feature".
    – Max Nanasy
    Commented Aug 2, 2013 at 7:07
  • "Hacking" mostly means retrieving the key or getting access to the network. And OP specifically asked about public networks without any access control. Commented Sep 18, 2017 at 10:41
  • What I'm interested in, is there a practical way to use wps that look to use just like unencrypted network: select the network, your phone does something, and you are connected. No pin or button or anything. Commented Sep 18, 2017 at 10:43
2

To my knowledge only workarounds exist, such as giving the password away via SSID or other means, or having an empty password. That way the communication can still be secure (depending on the configuration).
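
Added example (not part of any answer on this page): in WPA2-PSK the session key is derived only from the passphrase, the SSID, and the MAC addresses and nonces that the handshake sends unencrypted, so a passphrase published in the SSID encrypts the link but keeps nothing secret from anyone who saw that handshake. The MAC addresses and nonces below are constructed sample values.

```python
import hashlib
import hmac

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    for counter in range((length + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:length]

def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """48-byte CCMP session key from the PMK plus values the handshake sends unencrypted."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values: the SSID from the answer above, made-up MACs and nonces.
SSID = 'My Free Wifi "Password123"'
PASSPHRASE = "Password123"
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def session_key_from_public_values() -> bytes:
    """Every input here is either printed in the SSID or visible on the air."""
    return wpa2_ptk(wpa2_pmk(PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)

if __name__ == "__main__":
    print("PMK:", wpa2_pmk(PASSPHRASE, SSID).hex())
    print("PTK:", session_key_from_public_values().hex())
```

The nonces change with every association, so each session gets a different key, but that only protects against observers who missed the handshake. WPA-Enterprise (802.1X) avoids this by deriving a separate master key per client.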

1

You can use WPA-802.1X (often called "WPA-Enterprise") with various EAP versions, some of which (EAP-TLS, EAP-IKEv2) work using X.509 or similar asymmetric keypairs.

2
  • 2
    I assume that still means the connecting party has to have pre-knowledge of the public key tho, no?
    – Garrett
    Commented Apr 15, 2012 at 17:19
  • Can any version of eap just give away passwords to whoever asks? Commented Sep 18, 2017 at 10:37
