30 Sep
2016
30 Sep
'16
2:47 p.m.
Hi,
I don't think it is good enough. I tested this last year, by configuring a laptop to use its WiFi interface as an AP, broadcasting an SSID and running a local FreeRADIUS instance that was configured only to record the passwords that users sent to it.
you know thats pretty much in violation of UK law and up for a computer misuse act against you? ;-) just point people to the research already done here eg http://www.eduroam.zm/Maninmiddle.pdf (presentation to educate) https://www.syssec.rub.de/media/infsec/veroeffentlichungen/2015/05/07/eduroa... (paper - that was pretty much a copy of earlier stuff). alan