Comment Re:The airwaves are public not private (Score 1) 186
Yes, but in WPA2-Personal, how can the client distinguish the router from its evil twin? If the evil twin router issues a challenge, it can probably decode the response. All the client knows to do is send the password encoded to meet the challenge. With WPA2-Enterprise the client keeps track of the router's SSL public key, so can verify the challenge is valid. The evil twin cannot send a valid challenge because it does not have the real router's private key (provided by RADIUS). That's how I understand it. Or "guess-understand" it! I would like to be wrong.
There's a pretty simple FreeRADIUS setup tutorial here: http://kirkkosinski.com/2012/10/securing-wi-fi-with-peap-and-freeradius-on-centos/ So I guess it just requires a hardware server and making sure your router has decent firmware to connect.