TLS certificates authorities.

Stefan Winter stefan.winter at
Fri Sep 9 12:34:22 CEST 2016


> This is clear for me. Are there are any EAP flavor that uses strong hash
> and can handle SSID spoofing well?

EAP-TLS brings all the security you ever want with its use of client
certificates. It also brings all the complexities of cert management you
do not want though.

EAP-pwd is password-based but the passwords never travel over the wire.
probably this is what you want. It's comparatively "brand new" though,
and you need to pay some attention if your envisaged client devices all
support it.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list