<p>29c3 - Revision history<br />
https://spacefed.net/index.php?title=29c3&feed=atom&action=history<br />
2024-03-29T11:28:00Z, MediaWiki 1.37.1</p>
<p>Federator, 2022-03-13T10:58:16Z (https://spacefed.net/index.php?title=29c3&diff=11&oldid=prev): manual restore from archive.org</p>
<p><b>New page</b></p><div>__TOC__<br />
== spacenet @ 29c3 ==<br />
Spacenet is also being offered at 29c3! You can connect with your credentials from your home hackerspace (or community). If you don't have an account you can connect with these credentials:<br />
<pre><br />
Username: guest@event<br />
Password: guest<br />
<br />
Phase 1: EAP-TTLS or PEAP<br />
Phase 2: MSCHAPv2 or PAP<br />
CN = eventradius.spacefed.net<br />
CA = StartCom<br />
Fingerprint = 88:4C:4F:41:C0:24:C8:53:87:10:1E:8F:90:22:F3:67:F2:B1:32:79<br />
</pre><br />
<br />
Join us at #spacefed on irc.smurfnet.ch if you have any questions. Enjoy! :)<br />
<br />
P.S. Your link layer should be secure using spacenet if you do certificate checking, but please note that spacenet in and of itself does not protect against ethernet/layer 2 attacks. Watch out for DHCP spoofing, ARP/NDP spoofing of the gateway and rogue router advertisements!<br />
<br />
== FAQ ==<br />
=== Why is this useful? ===<br />
Spacenet is federated authentication for WiFi networks. Spacenet is about providing easy and secure "guest" WiFi access for your fellow hackers. When you have an account at a hackerspace or community you can connect to spacenet. If you do not have an account you can connect to spacenet at 29c3 with the guest credentials as noted above.<br />
<br />
Spacenet is useful because:<br />
<br />
* Ease of use: configure once, use wherever available.<br />
* Security: uses WPA2 Enterprise, thus dynamic keys (unlike WPA2-PSK).<br />
=== Is connecting to spacenet at 29c3 with guest credentials more secure than connecting to the unencrypted (open) 29c3 network? ===<br />
Yes. Spacenet at 29c3 runs on the same WiFi infrastructure and backend as the 29c3 networks. Instead of completely unencrypted WiFi access, your data is encrypted over the air by WPA2 Enterprise (CCMP/AES). Even though a lot of clients use the same credentials to log in to the network, this is not an issue.<br />
<br />
The credentials you provide are used for authorization and authentication, *not* for encryption. A temporary key is derived in the 802.1X authentication process and transferred inside TLS. This temporary key is used to encrypt the WPA2 handshake, in which the session key is determined.<br />
<br />
In WPA2-PreSharedKey networks the temporary key is entered by the users and thus is open to attacks because the users know the key.<br />
<br />
=== Why is checking the certificate important? ===<br />
If your client does not check the certificate you cannot be sure you are actually connecting to the "correct" network. When your client is onboarded to a rogue network you are vulnerable to:<br />
<br />
* Man-in-the-middle attacks (you are not connecting to the "trusted" network)<br />
* Password sniffing (not really critical for guest credentials): with PAP your password goes encrypted over the air and with MSCHAPv2 your password will be reversible within a reasonable amount of time.<br />
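A client-side check for the point above, as an added example that is not part of the original page: it scans wpa_supplicant network blocks and flags 802.1X entries that skip server certificate validation or accept any certificate from the CA. The SSID <code>spacenet</code> and the CA file path are assumptions, and the sample configuration is constructed.<br />

```python
import re

# Constructed sample wpa_supplicant.conf. SSID and CA path are assumptions;
# credentials, EAP methods and server name are the ones listed on this page.
SAMPLE_CONF = '''
network={
    ssid="spacenet"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="guest@event"
    password="guest"
    phase2="auth=PAP"
}
network={
    ssid="spacenet"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="guest@event"
    password="guest"
    ca_cert="/path/to/startcom-ca.pem"
    domain_suffix_match="eventradius.spacefed.net"
    phase2="auth=MSCHAPV2"
}
'''

NAME_CHECKS = ("domain_match", "domain_suffix_match", "subject_match", "altsubject_match")

def parse_networks(conf):
    """Return one dict of key -> unquoted value per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines()
                 if "=" in ln and not ln.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(conf):
    """Return one list of findings per network block (empty list = nothing flagged)."""
    report = []
    for net in parse_networks(conf):
        findings = []
        if "WPA-EAP" in net.get("key_mgmt", ""):
            if "ca_cert" not in net:
                findings.append("no ca_cert: server certificate is not validated")
            elif not any(k in net for k in NAME_CHECKS):
                findings.append("ca_cert without name check: any certificate from that CA is accepted")
        report.append(findings)
    return report
```

Because the RADIUS certificate here is issued by a public CA, the name check matters as much as <code>ca_cert</code>: without it, any certificate issued by that CA would pass validation.<br />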
== Certificate ==<br />
Please check the certificate!<br />
<br />
<pre><br />
Certificate:<br />
Data:<br />
Version: 3 (0x2)<br />
Serial Number: 53618 (0xd172)<br />
Signature Algorithm: sha1WithRSAEncryption<br />
Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 2 Primary Intermediate Server CA<br />
Validity<br />
Not Before: May 19 10:43:10 2012 GMT<br />
Not After : May 20 01:28:11 2014 GMT<br />
Subject: description=BEXj6vlnNl3Q294m, C=NL, ST=Utrecht, L=Amersfoort, O=Arjan Koopen, CN=eventradius.spacefed.net/emailAddress=hostmaster@spacefed.net<br />
Subject Public Key Info:<br />
Public Key Algorithm: rsaEncryption<br />
RSA Public Key: (2048 bit)<br />
Modulus (2048 bit):<br />
00:a3:4b:77:d5:4c:a7:fa:5a:a0:3b:23:af:24:53:<br />
b1:eb:11:4e:5b:b7:05:72:10:ee:18:0c:0b:6d:d0:<br />
9d:74:aa:23:7e:0b:df:1e:ef:99:3a:02:77:de:e5:<br />
9f:86:75:26:89:21:43:08:00:08:92:d5:75:a3:83:<br />
24:17:66:d1:0f:e3:15:e6:d2:bf:f9:71:cc:e5:f7:<br />
00:56:8f:0c:2a:3a:da:1d:e4:83:bb:8e:af:bd:c0:<br />
cd:dc:d7:84:67:84:b0:61:d7:17:d9:b3:a5:65:cd:<br />
c9:5f:61:c3:5d:68:b9:3c:c1:cd:f9:2b:84:45:59:<br />
38:9f:8e:52:c4:91:e2:92:fa:30:3f:5b:df:18:61:<br />
f0:4b:12:0f:76:ce:98:5b:19:c9:ce:2c:81:c9:8c:<br />
19:00:92:ca:2b:d9:9f:dc:5e:1f:2d:f7:c2:eb:45:<br />
3c:e0:02:3a:28:67:58:db:4e:74:4d:f0:f1:bb:7b:<br />
8c:04:63:ac:19:8d:68:21:27:dc:b3:c8:38:2c:73:<br />
0a:8a:4f:61:42:b5:23:6f:b1:45:ee:c8:f9:52:3a:<br />
c7:c0:b7:b9:0e:a3:9b:c9:e4:34:5b:33:d8:09:5b:<br />
07:c6:22:df:84:36:76:11:7c:2d:86:92:63:fe:5c:<br />
02:88:e2:af:36:ef:c5:bc:0b:bd:2d:39:a9:4b:5d:<br />
bf:95<br />
Exponent: 65537 (0x10001)<br />
X509v3 extensions:<br />
X509v3 Basic Constraints: <br />
CA:FALSE<br />
X509v3 Key Usage: <br />
Digital Signature, Key Encipherment, Key Agreement<br />
X509v3 Extended Key Usage: <br />
TLS Web Client Authentication, TLS Web Server Authentication<br />
X509v3 Subject Key Identifier: <br />
99:DF:40:9A:A9:CB:D6:ED:B6:77:56:52:7B:E2:CC:BA:69:90:BB:AA<br />
X509v3 Authority Key Identifier: <br />
keyid:11:DB:23:45:FD:54:CC:6A:71:6F:84:8A:03:D7:BE:F7:01:2F:26:86<br />
<br />
X509v3 Subject Alternative Name: <br />
DNS:eventradius.spacefed.net, DNS:spacefed.net<br />
X509v3 Certificate Policies: <br />
Policy: 1.3.6.1.4.1.23223.1.2.2<br />
CPS: http://www.startssl.com/policy.pdf<br />
CPS: http://www.startssl.com/intermediate.pdf<br />
User Notice:<br />
Organization: StartCom Certification Authority<br />
Number: 1<br />
Explicit Text: This certificate was issued according to the Class 2 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.<br />
User Notice:<br />
Organization: StartCom Certification Authority<br />
Number: 2<br />
Explicit Text: Liability and warranties are limited! See section "Legal and Limitations" of the StartCom CA policy.<br />
<br />
X509v3 CRL Distribution Points: <br />
URI:http://crl.startssl.com/crt2-crl.crl<br />
<br />
Authority Information Access: <br />
OCSP - URI:http://ocsp.startssl.com/sub/class2/server/ca<br />
CA Issuers - URI:http://aia.startssl.com/certs/sub.class2.server.ca.crt<br />
<br />
X509v3 Issuer Alternative Name: <br />
URI:http://www.startssl.com/<br />
Signature Algorithm: sha1WithRSAEncryption<br />
40:f1:ba:16:4a:ef:23:50:69:c2:dd:a8:e6:b1:2e:4a:e0:37:<br />
c3:b6:97:64:01:e7:93:4f:ef:06:3f:c1:75:13:a5:cd:92:15:<br />
12:fd:16:87:bd:ca:5b:35:a0:97:de:3b:4d:0a:75:ad:df:af:<br />
5b:03:56:db:6d:7f:61:42:00:fd:ac:ee:91:35:53:64:f9:07:<br />
8a:2a:2f:07:b2:c7:b0:4b:8e:ba:63:18:7f:aa:6a:28:f3:79:<br />
bf:9d:45:79:7c:37:3b:58:67:52:5a:1f:5b:4e:f5:ba:48:4a:<br />
ca:2e:68:43:52:6f:86:9a:0f:f6:83:ed:93:78:1f:d6:fb:50:<br />
c9:38:02:df:46:8b:00:bf:43:fc:d2:d8:d1:35:3e:ab:8c:44:<br />
17:bd:6c:c1:e1:a8:18:b2:7c:98:8b:2d:d2:6d:6c:ec:a1:6b:<br />
88:d7:ee:d6:b0:97:68:52:c1:49:90:45:63:af:9d:9c:ab:77:<br />
b0:73:7f:03:ec:c9:51:c8:42:92:c4:d6:a2:e0:de:dc:04:bc:<br />
74:3d:ce:20:8d:70:e4:c5:51:e5:04:26:ad:dc:82:c3:85:33:<br />
cc:d1:88:32:17:dd:b0:74:c0:0a:11:4c:e7:5e:b5:64:7c:33:<br />
9f:48:e7:94:bd:8b:5b:09:6c:5f:23:31:97:04:ee:47:b2:4e:<br />
f9:9a:bd:55<br />
-----BEGIN CERTIFICATE-----<br />
MIIHfjCCBmagAwIBAgIDANFyMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ<br />
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0<br />
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg<br />
MiBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTIwNTE5MTA0MzEw<br />
WhcNMTQwNTIwMDEyODExWjCBsTEZMBcGA1UEDRMQQkVYajZ2bG5ObDNRMjk0bTEL<br />
MAkGA1UEBhMCTkwxEDAOBgNVBAgTB1V0cmVjaHQxEzARBgNVBAcTCkFtZXJzZm9v<br />
cnQxFTATBgNVBAoTDEFyamFuIEtvb3BlbjEhMB8GA1UEAxMYZXZlbnRyYWRpdXMu<br />
c3BhY2VmZWQubmV0MSYwJAYJKoZIhvcNAQkBFhdob3N0bWFzdGVyQHNwYWNlZmVk<br />
Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNLd9VMp/paoDsj<br />
ryRTsesRTlu3BXIQ7hgMC23QnXSqI34L3x7vmToCd97ln4Z1JokhQwgACJLVdaOD<br />
JBdm0Q/jFebSv/lxzOX3AFaPDCo62h3kg7uOr73AzdzXhGeEsGHXF9mzpWXNyV9h<br />
w11ouTzBzfkrhEVZOJ+OUsSR4pL6MD9b3xhh8EsSD3bOmFsZyc4sgcmMGQCSyivZ<br />
n9xeHy33wutFPOACOihnWNtOdE3w8bt7jARjrBmNaCEn3LPIOCxzCopPYUK1I2+x<br />
Re7I+VI6x8C3uQ6jm8nkNFsz2AlbB8Yi34Q2dhF8LYaSY/5cAojirzbvxbwLvS05<br />
qUtdv5UCAwEAAaOCA8AwggO8MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud<br />
JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUmd9AmqnL1u22d1ZS<br />
e+LMummQu6owHwYDVR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwMQYDVR0R<br />
BCowKIIYZXZlbnRyYWRpdXMuc3BhY2VmZWQubmV0ggxzcGFjZWZlZC5uZXQwggIh<br />
BgNVHSAEggIYMIICFDCCAhAGCysGAQQBgbU3AQICMIIB/zAuBggrBgEFBQcCARYi<br />
aHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYo<br />
aHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCB9wYIKwYB<br />
BQUHAgIwgeowJxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIB<br />
ARqBvlRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhl<br />
IENsYXNzIDIgVmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29t<br />
IENBIHBvbGljeSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBv<br />
c2UgaW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9u<br />
cy4wgZwGCCsGAQUFBwICMIGPMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0<br />
aG9yaXR5MAMCAQIaZExpYWJpbGl0eSBhbmQgd2FycmFudGllcyBhcmUgbGltaXRl<br />
ZCEgU2VlIHNlY3Rpb24gIkxlZ2FsIGFuZCBMaW1pdGF0aW9ucyIgb2YgdGhlIFN0<br />
YXJ0Q29tIENBIHBvbGljeS4wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5z<br />
dGFydHNzbC5jb20vY3J0Mi1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsG<br />
AQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMi9zZXJ2<br />
ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRz<br />
L3N1Yi5jbGFzczIuc2VydmVyLmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3<br />
LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBAEDxuhZK7yNQacLdqOax<br />
LkrgN8O2l2QB55NP7wY/wXUTpc2SFRL9Foe9yls1oJfeO00Kda3fr1sDVtttf2FC<br />
AP2s7pE1U2T5B4oqLweyx7BLjrpjGH+qaijzeb+dRXl8NztYZ1JaH1tO9bpISsou<br />
aENSb4aaD/aD7ZN4H9b7UMk4At9GiwC/Q/zS2NE1PquMRBe9bMHhqBiyfJiLLdJt<br />
bOyha4jX7tawl2hSwUmQRWOvnZyrd7BzfwPsyVHIQpLE1qLg3twEvHQ9ziCNcOTF<br />
UeUEJq3cgsOFM8zRiDIX3bB0wAoRTOdetWR8M59I55S9i1sJbF8jMZcE7keyTvma<br />
vVU=<br />
-----END CERTIFICATE-----<br />
</pre></div>