Title: EAP-PWD - Wifi security done right
Date: 2015-05-03 21:00

During my [internship in London]({filename}/misc/london.md),
I wrote some (trivial) [patches]( http://gnome-networkmanager.2324886.n4.nabble.com/EAP-PWD-td22919.html )
to get [EAP-PWD]( https://en.wikipedia.org/wiki/EAP-PWD ) support in 
[Network-Manager]( https://wiki.gnome.org/Projects/NetworkManager/ ) (which has pretty clean code, btw),
and it's now available in the latest (15.04) Ubuntu!

This is a great pretext to speak about this *magical* 
[EAP]( https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol ) method.

While it is useful in a lot of architectures,
the model of [nextgens]( http://florent.daigniere.com/ ) (my supervisor) was:

- His private LAN wifi :D
- Open-but-secure wifi, like for a hacker event

Why use this EAP method on those WiFi networks instead of another one?

If you have read (and you should have) the slides from the talk
that Joshua Wright and Brad Antoniewicz gave at [Shmoocon]( http://www.shmoocon.org/ ) 2008,
entitled [PEAP: Pwned Extensible Authentication Protocol]({static}/files/PEAP.pdf),
you know that you want to avoid *EAP-MD5, LEAP, EAP-OTP, EAP-GTC,
EAP-FAST, PEAP, EAP-TTLS, EAP-MSCHAPv2*.
To this list, I'd like to add *EAP-TLS*, since it requires a PKI for servers and clients,
and *EAP-SIM* and *EAP-AKA*, since both require additional components.

You may argue that they are not all completely broken,
but so far, I **never** saw a secure and usable deployment of the non-broken ones.

Also, most of them do not provide forward secrecy.

EAP-PWD provides everything that is required by
[RFC 4017]( https://www.ietf.org/rfc/rfc4017.txt ), like
mutual authentication, resistance to dictionary attacks, and replay protection,
but also forward secrecy, session-independence,
resistance to active, passive, denial of service,
[Denning-Sacco]( https://en.wikipedia.org/wiki/Needham%E2%80%93Schroeder_protocol#Attacks_on_the_protocol )
and dictionary attacks, with only a login and a password, which can be low-entropy.

Pretty cool, huh?
Check [RFC 5931]( https://www.ietf.org/rfc/rfc5931.txt ) if you don't trust me.

Here is how you can use it for your hacker event:

1. Generate a stack of login/password pairs
2. Throw them into a database
3. Plug it behind your RADIUS servers (Yes, [FreeRADIUS]( http://freeradius.org/ ) supports EAP-PWD)
4. Pile the stack of login/password slips on a table at the entrance of your event, so people can help themselves
5. Congrats, you're now providing super-secure wifi!
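
Steps 1, 2 and 4 as a script (an added example, not code from the original post or from FreeRADIUS). It assumes the stock FreeRADIUS SQL `radcheck` table with a `Cleartext-Password` check item, and uses an in-memory SQLite database as a stand-in; the `guest-` prefix and the `event-wifi` SSID are made-up placeholders.

```python
import secrets
import sqlite3

# No look-alike characters (0/O, 1/l/I): attendees retype these from paper.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

# Stock FreeRADIUS rlm_sql check-item table (assumption: schema unchanged).
RADCHECK_DDL = (
    "CREATE TABLE IF NOT EXISTS radcheck ("
    "id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL, "
    "attribute TEXT NOT NULL, op TEXT NOT NULL, value TEXT NOT NULL)"
)


def random_token(length):
    """Return `length` characters drawn from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generate_credentials(count, login_len=6, password_len=10):
    """Step 1: build `count` (login, password) pairs with unique logins."""
    creds = {}
    while len(creds) < count:
        creds.setdefault("guest-" + random_token(login_len), random_token(password_len))
    return sorted(creds.items())


def load_into_radcheck(conn, creds):
    """Step 2: store each pair as a Cleartext-Password check item."""
    with conn:  # commit on success, roll back on error
        conn.execute(RADCHECK_DDL)
        conn.executemany(
            "INSERT INTO radcheck (username, attribute, op, value) "
            "VALUES (?, 'Cleartext-Password', ':=', ?)",
            creds,
        )


def paper_slips(creds, ssid="event-wifi"):
    """Step 4: one printable line per attendee (ssid is a placeholder)."""
    return [f"SSID: {ssid} | EAP method: PWD | login: {u} | password: {p}"
            for u, p in creds]


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")  # swap for the RADIUS server's database
    stack = generate_credentials(5)
    load_into_radcheck(db, stack)
    print("\n".join(paper_slips(stack)))
```

Each slip is handed out once, so a login that misbehaves can be revoked by deleting its single `radcheck` row without touching anyone else.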
