
Add TMP dot1x and WPA3 notes

Håvard Ose Nordstrand, 2 years ago
Parent
Commit
0932c73e4f
3 files changed, 35 insertions, 0 deletions
  1. index.md (+2 -0)
  2. networking/dot1x-eap.md (+17 -0)
  3. networking/wpa.md (+16 -0)

+ 2 - 0
index.md

@@ -105,6 +105,7 @@ _(Alphabetically sorted, so the ordering might seem a bit strange.)_
 - [Cisco IOS General](/networking/cisco-ios-general/)
 - [Cisco IOS General](/networking/cisco-ios-general/)
 - [Cisco IOS Routers](/networking/cisco-ios-routers/)
 - [Cisco IOS Routers](/networking/cisco-ios-routers/)
 - [Cisco IOS Switches](/networking/cisco-ios-switches/)
 - [Cisco IOS Switches](/networking/cisco-ios-switches/)
+- [802.1X/dot1x & EAP](/networking/dot1x-eap/)
 - [FS FSOS Switches](/networking/fs-fsos-switches/)
 - [FS FSOS Switches](/networking/fs-fsos-switches/)
 - [General](/networking/general/)
 - [General](/networking/general/)
 - [IPv4 Theory](/networking/ipv4/)
 - [IPv4 Theory](/networking/ipv4/)
@@ -124,6 +125,7 @@ _(Alphabetically sorted, so the ordering might seem a bit strange.)_
 - [Ubiquiti UniFi Controllers](/networking/ubiquiti-unifi-controllers/)
 - [Ubiquiti UniFi Controllers](/networking/ubiquiti-unifi-controllers/)
 - [VyOS](/networking/vyos/)
 - [VyOS](/networking/vyos/)
 - [WLAN Theory](/networking/wlan/)
 - [WLAN Theory](/networking/wlan/)
+- [Wi-Fi Protected Access (WPA)](/networking/wpa/)
 - [Zero Trust Networking](/networking/zero-trust/)
 - [Zero Trust Networking](/networking/zero-trust/)
 
 
 ## Personal Devieces
 ## Personal Devieces
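Review bot: the trailing context of this hunk shows a pre-existing typo in the heading `## Personal Devieces` (should be `## Personal Devices`); since index.md is already being touched, it is worth fixing here or in a follow-up. The new entry's link target `/networking/wpa/` does match the `networking/wpa.md` file added in this commit, and its position between "WLAN Theory" and "Zero Trust Networking" fits the alphabetical ordering noted in the hunk header.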

+ 17 - 0
networking/dot1x-eap.md

@@ -0,0 +1,17 @@
+---
+title: 802.1X/dot1x & EAP
+breadcrumbs:
+- title: Network
+---
+{% include header.md %}
+
+## TODO
+
+- WPA Enterprise w/o provider certificate validation is unsafe?
+- PEAP encapsulates inner authentication method, e.e. EAP-MSCHAPv2, using e.g. TLS.
+- MS-CHAPv2 is old and uses DES.
+- Both PEAP and MS-CHAPv2 provide mutual authentication and don't transmit the password in plaintext.
+- EAP-TLS requires the client device to have both the provider cert and a provider-provided client cert (with private key).
+- PEAPv0 with EAP-MSCHAPv2 without CA cert validation = bad and crackable.
+
+{% include footer.md %}
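Review bot: the second bullet has a typo (`e.e.` should be `e.g.`) and "using e.g. TLS" understates the point: PEAP's outer tunnel is always TLS (that is what "Protected" means), so the inner EAP-MSCHAPv2 exchange is only as protected as the client's validation of the server certificate. That is also why the first and last bullets say the same thing ("w/o provider certificate validation is unsafe?" and "without CA cert validation = bad and crackable"); suggest merging them into one statement without the question mark, along the lines of `- PEAP with EAP-MSCHAPv2 without CA certificate validation is unsafe: the client will tunnel its MS-CHAPv2 exchange to any server presenting a certificate, and the DES-based MS-CHAPv2 response can then be cracked offline.` For the same reason the third bullet reads better as "uses a DES-based challenge/response" rather than "uses DES", and the EAP-TLS bullet should say "CA certificate" rather than "provider cert", since what the client needs is the certificate it validates the server against.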

+ 16 - 0
networking/wpa.md

@@ -0,0 +1,16 @@
+---
+title: Wi-Fi Protected Access (WPA)
+breadcrumbs:
+- title: Network
+---
+{% include header.md %}
+
+## TODO
+
+- WPA3 stuff:
+    - Uses simultaneous authentication of equals (SAE) instead of pre-shared key (PSK). SAE is a password-authenticated key agreement method based on the Diffie–Hellman key exchange, providing increased security and forward secrecy. It avoids the WPA2 Personal KRACK vulnerability which allowed offline password cracking if the initial handshake was captured. It has however been found to be imperfect by Mathy Vanhoef (author of the KRACK attack) and Eyal Ronen.
+    - Modes: Personal, Enterprise, Enhanced Open
+    - Personal and Enterprise is just like for WPA2, but with improved WPA3 security.
+    - Enhanced Open is new, opportunistic wireless encryption (OWE) for passwordless WLANs. This prevents snooping, as is trivially doable for WPA2 open WLANs.
+
+{% include footer.md %}
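Review bot: the SAE bullet conflates two different WPA2 weaknesses. KRACK (Vanhoef, 2017) is a key-reinstallation attack on the 4-way handshake that works regardless of password strength and was fixed in client and AP software; offline password cracking "if the initial handshake was captured" is the inherent weakness of WPA2-PSK's 4-way handshake, and it is that weakness, not KRACK, which SAE's password-authenticated key agreement removes. Suggest splitting the sentence: SAE removes the offline-dictionary exposure of a captured PSK handshake; KRACK was a separate implementation-level bug. Also "Personal and Enterprise is just like" should read "are just like", and the Enhanced Open bullet would be clearer stating that OWE encrypts traffic without a password but does not authenticate the network, so it protects against passive snooping only.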