Is RADIUS more secure than PSK?

RADIUS is the better option provided secure (i.e. long) passwords / passphrases are used and a sensible lockout policy is in place.

The main reason for this is that for RADIUS, you need to interact with an authentication service to test a password, and so once you are locked out, that is the end of your attempt to breach.

With PSK, all you need to do is capture enough handshakes that you can take offline and brute-force it. In other words, the brute-forcing of a PSK is done without any interaction with the AP once the requisite handshakes are captured, and so is undetectable. You would be totally unaware of it. Combine this with the difficulty in changing a PSK and rolling out a new one.
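As an added illustration (not part of the answer or of any comment on this page), the following constructed Python model shows what a lockout policy buys the defender on the RADIUS path: once the failure threshold is reached, further guesses are rejected without ever being compared against the real password, and every attempt lands in an audit log. The policy parameters (7 failures per 2-hour window, the figure quoted in the comments), the in-memory account store and all class and function names are assumptions; the offline PSK case has no equivalent, which is the answer's point.

```python
"""Constructed model of an online authentication service with account lockout.
Not RADIUS or any real server: the account store holds a plaintext password for
brevity, and the policy (7 failures per 2-hour window) is an assumed example."""
from collections import defaultdict, deque
import hmac


class LockoutAuthenticator:
    def __init__(self, users, max_failures=7, window=2 * 3600):
        self._users = users                  # {username: password} (assumed store)
        self.max_failures = max_failures
        self.window = window                 # seconds
        self._failures = defaultdict(deque)  # username -> timestamps of recent failures
        self.audit_log = []                  # (time, user, outcome) for every attempt

    def _recent_failures(self, user, now):
        q = self._failures[user]
        while q and now - q[0] >= self.window:
            q.popleft()                      # drop failures that fell out of the window
        return len(q)

    def is_locked(self, user, now):
        return self._recent_failures(user, now) >= self.max_failures

    def authenticate(self, user, password, now):
        """Return 'OK', 'FAIL' or 'LOCKED'. While locked, the candidate is never
        compared with the stored password, so the caller learns nothing from it."""
        if self.is_locked(user, now):
            outcome = "LOCKED"
        else:
            stored = self._users.get(user)
            if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
                outcome = "OK"
            else:
                outcome = "FAIL"
                self._failures[user].append(now)
        self.audit_log.append((now, user, outcome))   # every attempt is recorded
        return outcome


def evaluated_guesses(auth, user, candidates, spacing=1):
    """Submit one candidate every `spacing` seconds and return how many were
    actually evaluated against the password; the rest were stopped by the lockout.
    Constructed measurement loop used only to show the policy's effect."""
    evaluated = 0
    for i, pw in enumerate(candidates):
        if auth.authenticate(user, pw, now=i * spacing) != "LOCKED":
            evaluated += 1
    return evaluated
```

With the assumed policy, 500 wrong guesses submitted one per second get only 7 real evaluations, yet all 500 appear in the audit log, and even the correct password is refused until the window has passed.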


Updated on September 18, 2022

Comments

  • Khalid
    Khalid almost 2 years

    I'm wondering what the relative security of RADIUS is compared to using a PSK.

    I know that when using Radius a unique session key is established, whereas with a PSK the same session key is used for everyone, so on that basis Radius seems more secure.

    However, to authenticate against a Radius network you only need a Windows account's credentials - which could have a much weaker username/password combination than PSK - so an attacker trying to get in by brute-forcing could potentially get in quicker with Radius than a PSK (a 256-bit PSK is harder to derive than a 4 character username with an 8 character password).

    Right now my wireless network only really has myself as a regular user and a couple of others who use it occasionally, and the network is configured using WPA2-Radius (against my home Active Directory) - it's only a residential network and I don't believe it's going to be a target, but you never know what the geeky kid living round the corner is plotting...

    • Zoredache
      Zoredache over 12 years
      If you are using radius, then typically your user-database will have account lockout systems in place that will disable the account for a largish period of time after a relatively small threshold of attempts. You get 7 tries every 2 hours at one location I am aware of. A brute-force where you try only ~200-300 possibilities per day isn't going to work out so well, plus you will most likely be leaving huge logs of your activities.
    • Prasanna
      Prasanna over 5 years
      Not sure whether PSK vs RADIUS are the only options you are looking for. You might also want to enable whitelisted MAC based filtering. That way, even if someone finds out your password, they can't join your network since your wireless router will drop connection due to MAC mismatch.