How to protect against spoofed access point?

4

1

If someone wanted to get the passphrase for my WPA2 encrypted Wi-Fi access point (AP), would it be possible to set up a fake AP with the same MAC address and SSID, then when a device tries to log into the malicious AP, the malicious AP listens for my key, thus giving the operator of the malicious AP my key?

If this is possible, how can I protect myself from this kind of attack?

Paul

Posted 2013-09-14T22:43:09.003

Reputation: 698

In short yes, move authentication away from the router – 50-3 – 2013-09-14T23:25:48.690

So, FreeRADIUS? I'm not sure what options are out there. – Paul – 2013-09-14T23:48:26.073

There are a lot of solutions out there, and hopefully you get some good answers. I know of ~6 commercial solutions we use at work (6 sites with different configurations), and come Monday I might put something together if there isn't much content generated by then – 50-3 – 2013-09-15T00:00:32.403

Given the answer you accepted, I think I misinterpreted your question: the owner of the malicious AP doesn't know your key, correct? – 50-3 – 2013-09-16T03:17:56.657

Answers

4

Nope. WPA2's four-way handshake allows both the client and the AP to prove to each other that they both know the shared key, without either revealing to the other (or to eavesdroppers) what the shared key actually is.

The insecurities of WEP had been such a debacle and black eye for both the IEEE 802.11 working group as well as the Wi-Fi Alliance, that the IEEE made damn sure that 802.11i got proper attention from cryptographers. WPA2 is just a Wi-Fi Alliance certification and logo program guaranteeing industry interoperability of the best parts of 802.11i.

Spiff

Posted 2013-09-14T22:43:09.003

Reputation: 84 656