2

I want to host a hotspot in Ubuntu. The hotspot should authenticate every client, whether he enters right password or wrong password. Actually, I want to validate four way handshake even if the password entered is wrong.

I am hosting the hotspot, can I configure WPA2 like that?

techraf
  • 9,141
  • 11
  • 44
  • 62
user133033
  • 21
  • 1

2 Answers2

3

No you cannot. Ubuntu hotspot uses WPA2-PSK with a pre-shared key (not a password).

Pre in pre-shared means both parties must be supplied with the same key before connection takes place; both parties need to use the same key to be able to communicate with each other.

If "the password entered is wrong" (i.e. different than you know), it means you will not be able to decrypt the communication from the client.

techraf
  • 9,141
  • 11
  • 44
  • 62
  • 1
    Absolutely right, because what Ubuntu can set up quickly is a WPA2-PSK network. With WPA2-enterprise, this is perfectly possible, as demonstrated on every bigger CCC event, where everyone can pick their password randomly, since the password isn't really needed to authenticate; it's just necessary to allow encryption to be used. Again, for what Ubuntu's Hotspot dialogs offer, what your write is 100% correct. – Marcus Müller Dec 10 '16 at 10:47
  • 1
    @MarcusMüller Thank you, that's a valid point. I clarified. – techraf Dec 10 '16 at 10:50
  • Question is, should we be removing the "hotspot in Ubuntu" from the question's title and replace it with "WPA2-PSK hotspot"? That might make the question more visible to future readers who might not be using Ubuntu – Marcus Müller Dec 10 '16 at 11:02
  • 1
    @MarcusMüller I would say a person who has such question and wants to ask is more keen on using less technical term. That's why duplicate questions appear (and are kept on SE) - people ask the same questions using different language. – techraf Dec 10 '16 at 11:26
0

Well, it is possible to set up a soft AP in ubuntu with tools like airbase-ng and achieve what you have described (this is known attack). I am not sure if this is something you are interested though. Also, back in the day this functionality was supported only to advertise fake WEP protected networks. I am uncertain if newer versions support it for WPA/WPA2 protected APs.

dr.doom
  • 151
  • 2