undefined | Better HN

0 pointsazernik8y ago0 comments

WPA2 Enterprise use a central RADIUS server for authentication, with separate credentials for each user, and a (separately-distributed) certificate for the server.

It's just not practical for consumer and small-business setups.

0 comments

gsich8y ago

Somewhat true. Setting up a Freeradius is not hard. Problem is that you need another device that is running 24/7.

dogma11388y ago

The RADIUS server can run on the router/AP without compromising practical security in most cases.

azernikOP8y ago

The bit that's less practical for consumer setup is more the cert distribution and setup of separate credentials for each user. (The RADIUS server could even be built into the router in a consumer product.)

gsich8y ago

That's not needed, trust on first connect.

1 more reply

j / k navigate · click thread line to collapse

0 pointsazernik8y ago0 comments

WPA2 Enterprise use a central RADIUS server for authentication, with separate credentials for each user, and a (separately-distributed) certificate for the server.

It's just not practical for consumer and small-business setups.

0 comments

gsich8y ago

Somewhat true. Setting up a Freeradius is not hard. Problem is that you need another device that is running 24/7.

dogma11388y ago

The RADIUS server can run on the router/AP without compromising practical security in most cases.

azernikOP8y ago

gsich8y ago

That's not needed, trust on first connect.

1 more reply

j / k navigate · click thread line to collapse