2
0
I'm wondering what the relative security of RADIUS is compared to using a PSK.
I know that when using Radius a unique session key is established, whereas with a PSK the same session key is used for everyone, so on that basis Radius seems more secure.
However, to authenticate against a Radius network you only need a Windows account's credentials - which could have a much weaker username/password combination than PSK - so an attacker trying to get in by brute-forcing could potentially get in quicker with Radius than a PSK (a 256-bit PSK is harder to derive than a 4 character username with an 8 character password).
Right now my wireless network only really has myself as a regular user and a couple of others who use it occasionally, and the network is configured using WPA2-Radius (against my home Active Directory) - it's only a residential network and I don't believe it's going to be a target, but you never know what the geeky kid living round the corner is plotting...
Not sure whether PSK vs RADIUS are the only options you are looking for. You might also want to enable whitelisted MAC based filtering. That way, even if someone finds out your password, they can't join your network since your wireless router will drop connection due to MAC mismatch. – Prasanna – 2019-03-12T04:52:13.860
1If you are using radius, then typically your user-database will have account lockout systems in place that will disable the account for a largish period if time after a relatively small threshold of attempts. You get 7 tries every 2 hours at one location I am aware of. A brute-force where you try only ~200-300 possibilities per day isn't going to work out so well, plus you will most likely be leaving huge logs of your activities. – Zoredache – 2012-02-10T01:14:22.620