AES encrypted passwords

freeradius-users at latter.org freeradius-users at latter.org
Fri Sep 30 13:31:43 CEST 2016



On 30/09/16 12:01, Matthew Newton wrote:
> On Fri, Sep 30, 2016 at 11:53:27AM +0100, freeradius-users at latter.org wrote:
>> On 30/09/16 11:25, Matthew Newton wrote:
>>> Most things will do EAP-TTLS/PAP these days. Windows XP/7 are the
>>> only real big exceptions I'm aware of. And if XP is a problem then
>>> that's the least of your issues.
>>
>> I thought Windows 7 *did* support it.  (Out of the box, in case
>> that is not crystal clear!)
>
> It arrived in Windows 8.

Well - that'll be why we don't do EAP-TTLS/PAP.

>>  - Untick “Verify the server’s identity by validating the certificate”
>
> Noooo :(

Yup.

>> So presumably we are at risk of people spoofing the SSID?
>
> Yes
>
>> (although I believe the Aerohive kit has stuff to identify
>> and deal with what they call "rogue" access points).
>
> And when the rogue Access Point is not within hearing distance of
> your own APs? It sounds like a good feature, but it will again
> only provide an illusion of security.

I'll pass this back to the people whose trainset it is.

thanks.


More information about the Freeradius-Users mailing list