Questions tagged [radius]
69 questions
34
votes
4 answers
What is the difference between a RADIUS server and Active Directory?
Why would I need a RADIUS server if my clients can connect and authenticate with Active Directory? When do I need a RADIUS server?
johnny
- 641
- 1
- 7
- 13
15
votes
3 answers
My school wifi asks to 'trust' a certificate on iPhones. Does this allow them to view SSL traffic?
There is a lot of confusion around this on here, so I am making this post to be sure to understand it correctly. My school uses Aruba networks wifi, and after I type my Active Directory username and password (RADIUS authentication), it tells me I…
BusinessGuy
- 153
- 1
- 1
- 4
13
votes
1 answer
MPPE-Send and Receive key derivation from MS-CHAPv2
I am trying to get the MS-MPPE-Send-key and MS-MPPE-Recv-key from the MS-CHAPv2 challenge material. I am able to follow the RFCs 2548 3078 and 3079 to the step of getting the GetNewKeyFromSHA() it is 16 bytes long.
I can use the key to encrypt data…
Jaime
- 139
- 5
13
votes
2 answers
WPA2 Enterprise AES encryption key size?
I have recently set up a RADIUS server with EAP for my wireless router, however, I have some questions about the key size and how WPA2 enterprise (AES) works in general.
I have read that in Enterprise mode, the key used to encrypt the traffic…
Dan
12
votes
3 answers
Encrypt WiFi connection per connected user
One of the questions that comes on quite often is about WiFi encryption.
Now imagine that you have multiple users connecting to one AP. With a simple WPA2 protection setup they can still sniff each others traffic.
What technology would allow a…
Lucas Kauffman
- 54,169
- 17
- 112
- 196
9
votes
3 answers
Protection of eduroam credentials
Recently my educational institution officially switched over from the their own wireless network to eduroam.
If I understand correctly from the FAQ, credential authentication is performed on the servers at my educational institution no matter where…
rink.attendant.6
- 2,227
- 4
- 22
- 33
9
votes
2 answers
What's the difference between Radius and Kerberos?
Is Radius just a better version of Kerberos? I can't find anything about this.
If you set up a Radius server in a modern network do you need Kerberos at all?
User104163
- 409
- 2
- 6
- 11
8
votes
3 answers
Are RADIUS and TACACS+ Ever Allowed in FIPS 140-2 Compliant Scenarios?
Are RADIUS and TACACS+ Ever Allowed in FIPS 140-2 Compliant Scenarios?
I understand that RADIUS uses the MD5 hashing algorithm and I'm pretty sure TACACS+ does too, and I do not believe there is any implementation of either RADIUS or TACACS+ that…
Ryan Ries
- 949
- 1
- 10
- 14
7
votes
3 answers
Can someone explain in simple steps how WPA2-Enterprise authentication and encryption happens?
When I try asking this question on other websites I get massive downvotes and am told "We're not doing your homework. Use google." Also I sometimes get banned.
Anyways, I've searched tens of pages of google and still can't get a grasp on it.
There's…
Newlo Newly
- 145
- 1
- 1
- 6
7
votes
2 answers
WPA2 Enterprise EAP-TLS Key Exchange
I'm in the process of implementing 802.1x WPA2 Enterprise Authentication using FreeRadius and EAP-TLS (Mutual TLS Cert Based Auth).
I am keen to understand how to actual protocols work together and how they keep our WiFi network safe.
I understand…
user140024
- 71
- 1
- 2
6
votes
2 answers
WiFi security using IEEE 802.1X - how secure is it?
My company's set-up involves a single AP (TPlink) that is configured to authenticate clients using RADIUS. All works well, but: on a regular WPA/WPA2 network, once you have the PSK, you are able to decode all the traffic other users generate. On an…
Konrad Gajewski
- 593
- 5
- 16
5
votes
3 answers
WiFi Hacking - Certificate based authentication instead of password
I would like to know if using a certificate based authentication instead of a WPA2 password in a WiFi network would be secure or insecure in terms of is it breakable or not?
Since WPA2 can be dictionary guessed or brute forced. How does it look like…
Honeypot2k
- 51
- 1
- 2
5
votes
2 answers
If PAP is insecure why is it commonly the only authentication protocol available for Radius?
In configuring Radius authentication on multiple devices from a vendor, I discovered that PAP is the only supported protocol.
I was initially surprised but discovered that even an f5 BigIP only offers PAP too. Even further, several other vendors…
gb5757870
- 195
- 1
- 1
- 11
4
votes
4 answers
How to decode traffic on a LAN whose SSL certificates are expired
We have a campus Wi-Fi at my university and we authenticate through a log in page which to me seems like we are using a RADIUS server.
Every time the page loads my browser warns me that the certificate(s) being used are expired/not valid.
Is there…
Manny265
- 165
- 5
4
votes
2 answers
Certificate validation with 802.1x PEAP
I recently learned about how WPA-PSK works. If I understand correctly, the 4-way handshake enables the protocol to ensure mutual possession of the PMK (and therefor, the PSK) without sending the PMK/PSK over. This way it's not susceptible to a…
Compizfox
- 151
- 1
- 6