WPA2 or WPA3

Technical Support for Routers
1

What do you recommend to use?

WPA2 or WPA3

WPA3 vulnerabile to SSID confusion while WPA2 not.

Will hidden SSID prevent this attack?

2

This vulnerability isn't really dangerous.

For an SSID Confusion attack to succeed, certain conditions must be met. The victim must attempt to connect to a trusted network while a rogue network with similar authentication credentials is within range.

This vulnerability is particularly dangerous for VPNs that auto-disable on trusted networks, leaving traffic exposed.

So not really dangerous. Stay with WPA3

1 Like
3

I have read some information about this two protocols and both are vulnerable. WPA2 to death WPA3 to TunnelCrack. Wich vulnerability is most dangerous and wich will you recommend to use?

4

Always use the more modern standard, which is WPA3

5

Hmm technically both are secure.

However tunnelcrack is leveraged against vpns not wifi.

Openwrt uses the new cipher suites for wpa2 where 802.11w is enabled per default (some old apple devices have issues with that but yea general more safe than with its older wpa2 cipher).

and wpa2 has already build in protection against krack.

for wpa3 you have things like dragonblood but from what i understand is that it requires for wpad/hostapd to use hash to element mode, openwrt has this disabled by default.

If you use wpa2 AES+ccmp you should be fine, wpa3-sae aswell its also a bit higher standard, the only possible risk are still evil twin type attacks but can be megitated mostly by not automaticly connecting to wifi on the client devices.

^ in the latest hostapd, they seem to have added ssid_protection, but i have no idea if it prevents a evil twin, i also think its not in the gl builds yet and it needs to be exposed as: list hostapd_options 'ssid_protection=1' in the wireless config on radio0 and radio1 devices, i enabled it on my own builded snapshot but still don't know how it works :slight_smile:

The only advise i can give is use long generated passwords prefered from a password manager, this makes it hard for bruteforcing attacks with rainbow tables etcetera.

On a security point of view you should never consider wireless safe even if most seem to be patched out :slight_smile: but that is extreme but still valid :wink:

1 Like