WPA2 and RSN, eduroam
I'm a univ student and our univ seems to have, what seems to me an excellent solution for WiFi which I would like to implement on my own home network so some clarification of ideas please.
When you look at the WiFi ESSID in airodump it show as its simply OPN network. Anyone can connect to it, however when you try to access the IN, you get a SSL web page which redirects you to a login page. The following URL is generated, I have dummied the mac/ip. Example here assumes you had typed : xyz com
arubanetworksDOTcom upload index.html?cmd=login&mac=00:21:5d:88:e4:21&ip=nnn. nnn.nnn.nn&essid=wifi.ub.edu&url= xyz com
[due to stupid forum rules, cannot post URL ]
If your UID/pw are correct you are associated with the BSSID/AP and you can surf. If you wish to use the desktops at the univ then they use say WXP or W2k workstations and a pGina sign-in screen. You can use the same UID/pw you use for your WiFi connection and I guess they use a RADIUS server to authenticate you.
Q1. Am I correct in thinking that if the n/w is OPN its not using WPA2 and that the authentication is being done by a RADIUS server? Or is WPA2 a framework not just a crypto standard/protocol? So can someone clarify that WPA2 unless its PSK can actually use the redirected method of login explained above? Sorry if I am butchering terminology.
Q2. Does this mean that since the signon page is using https and is secure, it is not possible to sniff and crack the user credentials (UID/pw) ?
Q3. Would it be easy to implement such a scheme for a home n/w with say 3 workstations connected to an AP and a seperate PC acting as a RADIUS server?
A second setup relates to eduroam, which is the European wide infrastructure which enables participating universities to give IN access to visitors from other universities. When I use airodump-ng to view the ESSID I get:
ENC CIPHER AUTH ESSID
WPA TKIP MGT eduroam
Under NetworkManger the ESSID is listed as:
[When the 802.11i standard is ratified Robust Security Network - RSN (WPA2) compatible equipment will begin to appear. 802.11i (WPA2) will be the most robust, scalable, and secure solution and will appeal particularly to enterprise users where key management and administration has been a major headache.]
In order to login to eduroam you need to specify your UID@<home realm/doman> / pw.
Q4. So the confusion I have is, I understand that RSN seems to be a framework for WPA2, and incorporates several layers of authentication, So in this scheme am I correct in thinking that you could not crack this scheme as its using a UID/pw to authenticate the user?
Where I am confused is that I have looked at the pre-hashed tables produced by offensive-security and they have one called eduroam.wpa.
So I understand that for WPA2 you need to create a seperate table for each ESSID you are trying to crack based on your wordlist and that the passphrase must exist in your table, However if the user has to supply an additional UID/pw and so MAC address of the station/laptop is not being used as a parmeter for access allowance. So does that mean that the eduroam.wpa table would be useless in cracking the eduroam ESSID?
Also could someone clarify how to use the .wpa tables? I couldn't find an option to specify a hash file in aircrack-ng, and the -d option in cowpatty seems to be for generating a table not using it? How can I get aircrack-ng or cowpatty to use the eduroam.wpa table?