Possible Duplicate:
How can I ensure that I connect to the right wireless Access Point?

Is it true that WLAN routers aren't authenticated by clients? The only "authentication" is SSID and field strength?

chris
  • Just found an interesting link: http://www.andrewmccormack.com/index.php?option=com_content&view=article&id=108:why-wpa-doesnt-protect-you-against-sidejacking&catid=35:security It's only secure as long as the PSK isn't known. If it is known like in many hotels, there's no router authentication. – chris Jun 11 '11 at 21:14

1 Answer

The SSID is more about identification of the network, not authentication.

Wireless authentication is usually done in one of these 3 ways:

  • Open System authentication: no authentication done

  • Shared Key authentication: Done with cryptographic handshakes between client and AP based on some shared secret - of course trust is on the assumption that the key is shared only between these two parties. In WPA/WPA2 there is mutual authentication; in WEP only client authentication is done.

  • EAP authentication: Using a RADIUS server, different ways it can be done, can be based on certificates etc., no need for one shared secret for everyone. Mutual authentication is usually done.

john
  • Is this authentication used by common clients and SOHO Routers? I've never seen a certificate or key. Is it automatically saved after first login? – chris Jun 11 '11 at 21:05
  • If WPA/WPA2 is used then there is going to be a key or certificate of some sort. Are you talking about open Wi-Fi networks that don't use such mechanisms? – john Jun 11 '11 at 21:11
  • Yes, or if the attacker got the PSK. Added a link to my question above. Quite interesting... – chris Jun 11 '11 at 21:15
  • Edited the answer to cover more possibilities. – john Jun 11 '11 at 21:26
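
The following is an added example, not part of the answer or comments above. It shows what the client's side of WPA2-PSK mutual authentication amounts to: the client accepts the AP only if the AP's handshake MIC matches one computed from the client's own passphrase. The passphrases, SSID, MAC addresses, nonces and the message bytes are constructed sample values, and `MSG3` is a simplified stand-in for a real EAPOL-Key frame.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # The PTK is bound to both MAC addresses and both nonces; its first 16 bytes
    # are the Key Confirmation Key used to MIC the handshake messages.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)[:16]

def mic(key: bytes, frame: bytes) -> bytes:
    # WPA2 (key descriptor version 2): HMAC-SHA1 truncated to 16 bytes
    return hmac.new(key, frame, hashlib.sha1).digest()[:16]

# Constructed sample values (assumptions, not from the page)
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MSG3 = b"constructed stand-in for EAPOL-Key message 3 with MIC field zeroed"

def client_accepts_ap(client_psk: str, ap_psk: str, ssid: str) -> bool:
    # AP side: MIC message 3 with the KCK derived from the passphrase it holds
    ap_kck = kck(pmk_from_passphrase(ap_psk, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)
    ap_mic = mic(ap_kck, MSG3)
    # Client side: recompute from its own passphrase and compare in constant time
    sta_kck = kck(pmk_from_passphrase(client_psk, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return hmac.compare_digest(ap_mic, mic(sta_kck, MSG3))

if __name__ == "__main__":
    print(client_accepts_ap("hotel-lobby-2011", "hotel-lobby-2011", "HotelWiFi"))  # same PSK
    print(client_accepts_ap("hotel-lobby-2011", "some-other-key", "HotelWiFi"))    # different PSK
```

The check proves only that the other side holds the same passphrase, so it does not identify a particular device when the passphrase is widely known; the EAP option in the answer avoids one shared secret for everyone.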