2 سال پیش · 0932c73e4f
--- a/index.md
+++ b/index.md
@@ -105,6 +105,7 @@ _(Alphabetically sorted, so the ordering might seem a bit strange.)_
 
				 - [Cisco IOS General](/networking/cisco-ios-general/)
			
 
				 - [Cisco IOS Routers](/networking/cisco-ios-routers/)
			
 
				 - [Cisco IOS Switches](/networking/cisco-ios-switches/)
			
 
				+- [802.1X/dot1x & EAP](/networking/dot1x-eap/)
			
 
				 - [FS FSOS Switches](/networking/fs-fsos-switches/)
			
 
				 - [General](/networking/general/)
			
 
				 - [IPv4 Theory](/networking/ipv4/)
			
@@ -124,6 +125,7 @@ _(Alphabetically sorted, so the ordering might seem a bit strange.)_
 
				 - [Ubiquiti UniFi Controllers](/networking/ubiquiti-unifi-controllers/)
			
 
				 - [VyOS](/networking/vyos/)
			
 
				 - [WLAN Theory](/networking/wlan/)
			
 
				+- [Wi-Fi Protected Access (WPA)](/networking/wpa/)
			
 
				 - [Zero Trust Networking](/networking/zero-trust/)
			
 
				 
			
 
				 ## Personal Devieces
			
--- a/networking/dot1x-eap.md
+++ b/networking/dot1x-eap.md
@@ -0,0 +1,17 @@
 
				+---
			
 
				+title: 802.1X/dot1x & EAP
			
 
				+breadcrumbs:
			
 
				+- title: Network
			
 
				+---
			
 
				+{% include header.md %}
			
 
				+
			
 
				+## TODO
			
 
				+
			
 
				+- WPA Enterprise w/o provider certificate validation is unsafe?
			
 
				+- PEAP encapsulates inner authentication method, e.e. EAP-MSCHAPv2, using e.g. TLS.
			
 
				+- MS-CHAPv2 is old and uses DES.
			
 
				+- Both PEAP and MS-CHAPv2 provide mutual authentication and don't transmit the password in plaintext.
			
 
				+- EAP-TLS requires the client device to have both the provider cert and a provider-provided client cert (with private key).
			
 
				+- PEAPv0 with EAP-MSCHAPv2 without CA cert validation = bad and crackable.
			
 
				+
			
 
				+{% include footer.md %}
			
--- a/networking/wpa.md
+++ b/networking/wpa.md
@@ -0,0 +1,16 @@
 
				+---
			
 
				+title: Wi-Fi Protected Access (WPA)
			
 
				+breadcrumbs:
			
 
				+- title: Network
			
 
				+---
			
 
				+{% include header.md %}
			
 
				+
			
 
				+## TODO
			
 
				+
			
 
				+- WPA3 stuff:
			
 
				+    - Uses simultaneous authentication of equals (SAE) instead of pre-shared key (PSK). SAE is a password-authenticated key agreement method based on the Diffie–Hellman key exchange, providing increased security and forward secrecy. It avoids the WPA2 Personal KRACK vulnerability which allowed offline password cracking if the initial handshake was captured. It has however been found to be imperfect by Mathy Vanhoef (author of the KRACK attack) and Eyal Ronen.
			
 
				+    - Modes: Personal, Enterprise, Enhanced Open
			
 
				+    - Personal and Enterprise is just like for WPA2, but with improved WPA3 security.
			
 
				+    - Enhanced Open is new, opportunistic wireless encryption (OWE) for passwordless WLANs. This prevents snooping, as is trivially doable for WPA2 open WLANs.
			
 
				+
			
 
				+{% include footer.md %}