
I want to know how to share a WPA2 Enterprise network using EAP-TLS, authenticating users with a common certificate. They all share the same certificate. I'm afraid they can monitor each other. Is that possible? In EAP-TLS, do clients encrypt their packets with their own certificates, with other session keys, or with something else? Actually, all packets in WPA2 are encrypted, but how?

jumeno

1 Answer


I'm afraid they can monitor each other. Is that possible?

Yes, it is possible. Clients use their certificate to protect the session key. Therefore, if clients share the same certificate with the same private key, they can intercept and decrypt the session key and, eventually, all encrypted data.

In EAP-TLS, do clients encrypt their packets with their own certificates or other session keys or else?

Packets are encrypted with a session key that is shared between the client and the server. After the peers successfully authenticate each other, a session key is generated. The generated session key is encrypted with the peer's public key. That is, when the server encrypts something with the client's public key, only the holder of the corresponding private key can decrypt it. In your case, all holders of the certificate will be able to decrypt it.

As a result, sharing the same certificate and private key among clients isn't a very good idea.

Crypt32
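A defender-side audit for the problem the answer describes, added here as an example (it is not code from the question or the answer): it groups issued EAP-TLS client certificates by their public key, so devices that were provisioned from one copied key pair show up together and can be reissued. The certificates and device names below are constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// SharedKeyGroups maps the SHA-256 of each SubjectPublicKeyInfo to the subjects
// of every client certificate carrying it. Certificates with the same SPKI are
// bound to one key pair; any group with more than one subject should be reissued.
func SharedKeyGroups(certs []*x509.Certificate) map[[32]byte][]string {
	groups := map[[32]byte][]string{}
	for _, c := range certs {
		fp := sha256.Sum256(c.RawSubjectPublicKeyInfo)
		groups[fp] = append(groups[fp], c.Subject.CommonName)
	}
	return groups
}

// selfSigned builds a throwaway certificate for cn with the given key. This is
// constructed sample data; a real audit would load the certificates the CA or
// RADIUS server actually issued to clients.
func selfSigned(cn string, key *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert
}

// SampleCerts returns two devices provisioned from one copied key pair plus one
// device with its own key (hypothetical device names).
func SampleCerts() []*x509.Certificate {
	shared, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	own, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return []*x509.Certificate{
		selfSigned("laptop-01", shared, 1),
		selfSigned("laptop-02", shared, 2),
		selfSigned("laptop-03", own, 3),
	}
}
```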