Questions tagged [wpa2-eap]

37 questions
26 votes, 1 answer

What is stronger - WPA2 Enterprise with 2048 bit key, or Personal with 63 character passphrase?

Which of the two following has a stronger cryptographic strength in withstanding brute-force attacks? (1) WPA/WPA2 Enterprise using 2048-bit RSA public-key; (2) WPA/WPA2 Personal using 63-character Passphrase
ARRE
8 votes, 1 answer

How to provide user friendly WiFi access to gym members with WPA2 Enterprise?

Background: A friend of mine is the owner of a medium-sized gym. He wants to provide WiFi to his customers and asked me to come up with a concept and eventually also deploy it. As a computer scientist I have a thorough understanding of information…
7 votes, 2 answers

WPA2 Enterprise EAP-TLS Key Exchange

I'm in the process of implementing 802.1x WPA2 Enterprise Authentication using FreeRadius and EAP-TLS (Mutual TLS Cert Based Auth). I am keen to understand how the actual protocols work together and how they keep our WiFi network safe. I understand…
user140024
4 votes, 3 answers

Segregating a Printer in my Enterprise Network

I have an EAP-TLS network at home which I've managed for some time now. I just got a new Brother HL-5470 printer so I can finally print things at home, which is really nice. The only problem is that printers are notoriously good at being huge…
Naftuli Kay
4 votes, 3 answers

Restrict Microsoft Network Policy Server (NPS) to only trust client certificates from a given CA?

I'm working on an install of a Microsoft Network Policy Server (NPS) / RADIUS server for controlling access to corporate Wi-Fi using 802.1x / WPA2-Enterprise - using client certificates for authentication. We already have an internal AD-integrated…
3 votes, 1 answer

WPA2-EAP and Captive Portal

Is it possible to use Captive Portal for WiFi and WPA2-EAP at the same time? Is there any EAP supporting Captive Portal? For example - user connects to WiFi, goes to Captive Portal over unsecure WiFi (but using TLS), then after logon, the EAP is…
user128766
2 votes, 2 answers

WPA with PSK and with Radius Server

In case of WPA2 using the Radius server, every client gets its own username and password. But what is the case in the WPA2 using a PSK without the authenticating server. In this case also we have a 4 way handshake. But is the PTK derived by all…
Ankur Bhatia
2 votes, 1 answer

Why is my RADIUS Certificate not automatically signed with the root CA Certificate on my iPhone

I have spent the last few days setting up a freeradius server with eap-tls as the only authentication method. I have used this old tutorial for setting up my own CA and generating the certificates and adjusted the older parameters to match the…
2 votes, 2 answers

EAP vs TLS authentication

I am having trouble understanding the point of EAP. EAP is an authentication framework, which defines several TLS based methods and encapsulations like EAP-TLS, EAP-TTLS and PEAP. These all require the server/authenticator to have a certificate…
Sylvester
2 votes, 2 answers

WPA2 Enterprise: no risks for preconfigured clients when it comes to Rogue APs?

We are using, as default, PEAP and MS-CHAPv2 as inner authentication. I was concerned with security risks when it comes to rogue APs but a colleague told me that there are no risks for preconfigured clients. He told me there are risks only for…
Jade Kush
2 votes, 0 answers

WPA2-Enterprise / EAP-TLS user identity

I'm currently in process of testing EAP-TLS before deploying it in production. My test setup consists of: Supplicants: Android 6, Debian Buster with WICD-GTK. Authenticator: Mikrotik RouterOS 6.43 (actually it is passing through EAP frames to …
sharlino
2 votes, 1 answer

Does EAP exist as an independent authentication protocol, or just as a framework?

Does EAP exist as an authentication protocol itself, or will it only be found implemented as one of its methods (EAP-TLS, EAP-TTLS, etc)? If EAP is only a framework, what additional detail do its methods provide that allows them to be utilised? Said…
VortixDev
2 votes, 1 answer

Access-Challenge EAP Request

From my understanding, after the Access-Request, the authentication server (RADIUS) sends a reply (encapsulated in the Access-Challenge packet) to the authenticator (AP). The Access-Challenge packet contains an EAP Request in which it is specified…
2 votes, 0 answers

Change default EAP type in hostapd

I'm trying to change the default EAP type in hostapd but I am not able to understand how to do that. Here's what I've found reading the hostapd.conf file: > # NAI Realm information > # One or more realm can be advertised. Each nai_realm line adds a…
JohnLocke
2 votes, 0 answers

WPA2 EAP-TTLS with PAP: Does the authentication server know the password?

There's a wireless network that I sometimes need to connect to that uses WPA2 with EAP-TTLS and PAP as "inner" protocol. I've been sent a certificate file (presumably for the TTLS to work) and given a user identity and an initial password (which I…
Daniel Jour