WLAN operators use a variety of authentication methods, but the most common is a pop-up Portal login page: the user finds the operator's AP, connects and obtains an IP address, opens a browser, and enters an account name and password to log in.
Although this method is simple, the access AP does not use encryption such as WEP or WPA2, so the air channel can easily be sniffed and cracked, and hackers can intercept the account and password as they are transmitted over the air. This approach is therefore less secure.
How can the security of this login page be improved? City Hot Spots has found that most WLAN operators use the following options:
1. CHAP authentication between the Portal server, the BRAS and the Radius server
2. An HTTPS login page
3. Dynamic passwords sent by SMS
City Hot Spots discusses and compares these three options below.
1. The authentication method in option 1 is the simplest and most practical, and it is also very safe. The Radius standard provides two alternative authentication methods: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). If both sides agree, it is also possible to use no authentication method at all. CHAP is more secure than PAP because CHAP does not send the clear-text password over the network; instead it sends a sequence processed by a digest algorithm, also known as the "challenge string".
In addition, identity can be verified at any time, including during normal communication. The value transmitted in place of the password is therefore only valid for a limited time.
With PAP, the password is transmitted in clear text or with a reversible algorithm, and the encoding algorithm can be found by looking at the login page's source code, so it is easy to crack. CHAP uses MD5, which is not reversible: although the algorithm is public, a listener cannot compute the password from the result. Throughout the authentication process only the Radius server and the user know the password; access devices such as the BRAS only carry the MD5 result. Because the digest is computed over a challenge value that is different for every authentication, the result is different each time, so even if hackers capture it, it is no longer valid for the next authentication.
2. An HTTPS login page offers the highest security, because the traffic is encrypted dynamically using an SSL certificate and cannot currently be deciphered. However, it requires purchasing an official certificate for the portal web server, and the cost is relatively high.
3. At present most mobile operators use dynamic passwords sent by text message to the mobile phone; the password is valid only for 10-20 minutes. The security mechanism is similar to CHAP: both limit the period during which a password is valid. Although this method is safe, it uses at least one text message per login, which adds cost, and the procedure is relatively complicated.
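The challenge/response exchange described under option 1, as an added example that is not code from City Hot Spots: it uses the RFC 1994 CHAP computation, MD5(identifier || password || challenge), and shows that a response captured off the air fails against the next challenge. The `RadiusSide` class, the user name and the password are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

class RadiusSide:
    """Hypothetical stand-in for the side that stores the user's password."""
    def __init__(self, users):
        self.users = users          # username -> password bytes
        self.pending = {}           # username -> (ident, challenge) awaiting a reply
        self.next_ident = 0

    def issue_challenge(self, user):
        ident = self.next_ident
        self.next_ident = (ident + 1) % 256
        challenge = os.urandom(16)  # fresh random value for every authentication
        self.pending[user] = (ident, challenge)
        return ident, challenge

    def verify(self, user, response):
        # pop() makes each challenge single-use, so a reply cannot be reused
        outstanding = self.pending.pop(user, None)
        if outstanding is None or user not in self.users:
            return False
        ident, challenge = outstanding
        expected = chap_response(ident, self.users[user], challenge)
        return hmac.compare_digest(expected, response)

def demo():
    password = b"constructed-sample-password"   # constructed sample value
    server = RadiusSide({"alice": password})
    ident, challenge = server.issue_challenge("alice")
    on_air = chap_response(ident, password, challenge)  # only this digest is sent
    first = server.verify("alice", on_air)
    server.issue_challenge("alice")             # next login gets a new challenge
    replay = server.verify("alice", on_air)     # captured digest sent again
    return first, replay, on_air

if __name__ == "__main__":
    first, replay, on_air = demo()
    print("first login accepted:", first)
    print("replayed response accepted:", replay)
    print("bytes seen on the air:", on_air.hex())
```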
From this discussion, City Hot Spots concludes that the three methods are independent of each other and do not conflict; each is a good way for operators to improve authentication security, and they can also be combined. As the leading brand in broadband billing, City Hot Spots provides a complete solution that covers all three methods, so that operators can choose according to their users' needs, play to each method's strengths and avoid its weaknesses, and achieve the best result!