AES encrypted passwords
b.candler at pobox.com
Sat Oct 1 10:34:23 CEST 2016
On 30/09/2016 14:57, Stefan Winter wrote:
> No CA checks means all your passwords are up for grabbing for everyone
> with a glimpse on Enterprise Wi-Fi.
What he said.
It's interesting to note that the "home" version of WPA, with a single
pre-shared key (PSK), provides strong mutual authentication as standard.
If a rogue access point is set up but has the wrong pre-shared key, the
client simply won't be able to connect. Job done.
Unfortunately, "enterprise" WPA is a lot murkier. The two most commonly
implemented versions are:
* EAP-TLS: each side proves its identity to the other with a certificate
* PEAPv0 with MSCHAPv2 - the AP [actually RADIUS server] proves its
identity with a certificate, and the client with username/password
In both cases, if the client doesn't validate the certificate presented
by the AP/RADIUS server then they could be connecting to a rogue access
point, and all their traffic intercepted. In the PEAP case they will
also be giving away their login credentials!
Since there's no way to bind an SSID to a certificate directly, you have
to manually *configure* every client to know which certificate DN(s) the
AP should expect when connecting to that SSID. If you don't do that,
then you're vulnerable to trivial attacks from rogue access points.
(Maybe it's safer to use a different password for wireless access than
for the rest of your enterprise services to mitigate the problem? But if
you're going to do that, you could just go the EAP-TLS route anyway. And
it doesn't obviate the need for checking the AP certificate to prevent
There *is* a protocol which gives strong mutual authentication using a
password and without the need for certificates: EAP-EKE (RFC 6124).
However, it's relatively new and I've not seen it deployed. Also it
doesn't seem to be supported by FreeRADIUS at least according to
P.S. Nice paper here:
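As an added illustration of the per-client configuration the post describes (not code from the post or from FreeRADIUS), here are two wpa_supplicant.conf network blocks for a PEAPv0/MSCHAPv2 SSID; the SSID, identity, CA file path and RADIUS server name are assumptions. The first block is the "no CA check" case, the second pins the issuing CA and the server name so a rogue AP with its own RADIUS server is rejected before the password exchange happens.

```conf
# Added example, not part of the original post. All names below are
# assumed: SSID "CorpWiFi", user "alice", CA file path, server name.

# WEAK: no ca_cert and no name match. The client will accept any
# certificate the "RADIUS server" presents, so a rogue AP completes the
# TLS tunnel and harvests the MSCHAPv2 exchange inside it.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    # constructed placeholder, not a real credential
    password="s3cret-placeholder"
    phase2="auth=MSCHAPV2"
}

# HARDENED: pin the CA that issued the RADIUS server certificate AND
# check the server name. A CA alone is not enough if it is a public CA
# (it signs certificates for anyone), and the name check is ignored by
# wpa_supplicant unless ca_cert is also set. Because an SSID cannot be
# bound to a certificate, this has to be configured on every client.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="s3cret-placeholder"
    phase2="auth=MSCHAPV2"
    # assumed path to the enterprise/RADIUS CA, ideally a private CA
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    # assumed server name; must match the cert's SAN dNSName or CN
    domain_suffix_match="radius.example.org"
    # alternative when pinning on a SAN entry explicitly:
    # altsubject_match="DNS:radius.example.org"
}
```

With the hardened block, a server certificate that chains to a different CA or carries a different name fails validation and the supplicant never sends the inner MSCHAPv2 response.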