AES encrypted passwords
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri Sep 30 20:47:37 CEST 2016
Hi,
> I don't think it is good enough. I tested this last year, by
> configuring a laptop to use its WiFi interface as an AP,
> broadcasting an SSID and running a local FreeRADIUS instance that
> was configured only to record the passwords that users sent to it.
you know thats pretty much in violation of UK law and up for a computer misuse
act against you? ;-)
just point people to the research already done here eg
http://www.eduroam.zm/Maninmiddle.pdf (presentation to educate)
https://www.syssec.rub.de/media/infsec/veroeffentlichungen/2015/05/07/eduroam_WiSec2015.pdf
(paper - that was pretty much a copy of earlier stuff).
alan
More information about the Freeradius-Users
mailing list