This is a great pretext to speak about this magical EAP method.
While it is useful in a lot of architectures, nextgens' (my supervisor's) model was:
- His private LAN wifi :D
- Open-but-secure wifi, like for a hacker event
Why use this EAP method on those WiFi networks instead of another one?
If you have read (and you should have) the slides from the talk that Joshua Wright and Brad Antoniewicz gave at Shmoocon 2008, entitled PEAP: Pwned Extensible Authentication Protocol, you know that you want to avoid EAP-MD5, LEAP, EAP-OTP, EAP-GTC, EAP-FAST, PEAP, EAP-TTLS and EAP-MSCHAPv2. To this list, I'd like to add EAP-TLS, since it requires a PKI for servers and clients, and EAP-SIM and EAP-AKA, since both require additional components.
You may argue that they are not all completely broken, but so far, I have never seen a secure and usable deployment of the non-broken ones.
Also, most of them do not provide forward secrecy.
EAP-PWD provides everything that is required by RFC 4017, like mutual authentication, resistance to dictionary attacks, and replay protection, but also forward secrecy, session-independence, resistance to active, passive, denial of service, Denning-Sacco and dictionary attacks, with only a login and a password, which can be low-entropy.
Pretty cool huh? Check RFC 5931 if you don't trust me.
Here is how you can use it for your hacker-event:
- Generate a stack of login/passwords
- Throw them into a database
- Plug it behind your RADIUS servers (Yes, FreeRADIUS supports EAP-PWD)
- Pile the stack of login/password on a table at the entrance of your event, so people can help themselves
- Congrats, you're now providing super-secure wifi!
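
The first two steps above, as an added example (not code from the original post): it generates the stack of logins and passwords and renders them both as SQL for the RADIUS database and as slips to print for the table. It assumes the `radcheck` table of FreeRADIUS's stock SQL schema and a `Cleartext-Password` check item; the `guest-` prefix, the lengths and the SSID are made-up values.

```python
import secrets

# Alphabet without look-alike characters (0/O, 1/l/I): the credentials are
# read off paper slips and typed by hand.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

def random_token(length):
    """Return a token drawn from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def generate_credentials(count, login_len=6, password_len=12):
    """Generate `count` unique (login, password) pairs, sorted by login."""
    creds = {}
    while len(creds) < count:
        login = "guest-" + random_token(login_len)  # hypothetical naming scheme
        if login not in creds:  # retry on the rare login collision
            creds[login] = random_token(password_len)
    return sorted(creds.items())

def sql_quote(value):
    """Quote a string literal for SQL by doubling single quotes."""
    return "'" + value.replace("'", "''") + "'"

def radcheck_inserts(creds):
    """Render one INSERT per account for the radcheck table (assumed schema)."""
    return [
        "INSERT INTO radcheck (username, attribute, op, value) VALUES "
        f"({sql_quote(login)}, 'Cleartext-Password', ':=', {sql_quote(password)});"
        for login, password in creds
    ]

def printable_slips(creds, ssid):
    """Render one line per account, to be cut into slips for the entrance table."""
    return [
        f"SSID: {ssid} | EAP method: PWD | login: {login} | password: {password}"
        for login, password in creds
    ]

if __name__ == "__main__":
    accounts = generate_credentials(5)
    print("\n".join(radcheck_inserts(accounts)))
    print("\n".join(printable_slips(accounts, "example-event")))  # made-up SSID
```

Each slip is a single-use handout, so generate more accounts than expected attendees and delete the unused rows after the event.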