Networking – Is RADIUS more secure than PSK

Tags: wireless-networking, wpa2-psk

I'm wondering what the relative security of RADIUS is compared to using a PSK.

I know that when using RADIUS a unique session key is established, whereas with a PSK the same session key is used for everyone, so on that basis RADIUS seems more secure.

However, to authenticate against a RADIUS network you only need a Windows account's credentials – which could have a much weaker username/password combination than a PSK – so an attacker trying to get in by brute-forcing could potentially get in quicker with RADIUS than with a PSK (a 256-bit PSK is harder to derive than a 4-character username with an 8-character password).

Right now my wireless network only really has myself as a regular user and a couple of others who use it occasionally, and the network is configured using WPA2-RADIUS (against my home Active Directory) – it's only a residential network and I don't believe it's going to be a target, but you never know what the geeky kid living round the corner is plotting…

Best Answer

RADIUS is the better option provided secure (i.e. long) passwords / passphrases are used and a sensible lock-out policy is in place.

The main reason for this is that for RADIUS, you need to interact with an authentication service to test a password, and so once you are locked out, that is the end of your attempt to breach.

With PSK, all you need to do is capture enough handshakes that you can take offline and brute-force it. In other words, the brute-forcing of a PSK is done without any interaction with the AP once the requisite handshakes are captured, and so is undetectable. You would be totally unaware of it. Combine this with the difficulty in changing a PSK and rolling out a new one.
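To make the lock-out argument in the answer concrete, here is an added example (written for this page, not code from the answer or from any RADIUS implementation). It models an online authentication service that counts failures per account and locks the account, so a guessing run against it is both bounded by the policy and visible in the server's own log, whereas an offline attack on a captured PSK handshake never touches the server. The policy numbers (5 failures in 10 minutes, 30-minute lock), the account name and the "wrong guess" inputs are all constructed for the demonstration.

```python
import math
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Assumed policy values, not taken from the page."""
    threshold: int = 5      # failures inside the window before the account locks
    window_s: int = 600     # failures older than this are no longer counted
    lock_s: int = 1800      # how long the account stays locked


@dataclass
class AuthServer:
    """Minimal stand-in for the online authentication service (RADIUS backed
    by a directory). Every guess passes through it, so it can count and lock."""
    credentials: dict                       # username -> password (constructed)
    policy: LockoutPolicy = field(default_factory=LockoutPolicy)
    failures: dict = field(default_factory=lambda: defaultdict(list))
    locked_until: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def authenticate(self, user: str, password: str, now: int) -> str:
        if self.locked_until.get(user, 0) > now:
            # The password is not even checked while the lock is in force.
            self.log.append(f"t={now} user={user} result=locked")
            return "locked"
        if self.credentials.get(user) == password:
            self.failures[user].clear()
            self.log.append(f"t={now} user={user} result=ok")
            return "ok"
        recent = [t for t in self.failures[user] if now - t <= self.policy.window_s]
        recent.append(now)
        self.failures[user] = recent
        self.log.append(f"t={now} user={user} result=fail count={len(recent)}")
        if len(recent) >= self.policy.threshold:
            until = now + self.policy.lock_s
            self.locked_until[user] = until
            self.log.append(f"t={now} user={user} result=lockout until={until}")
        return "fail"


def simulate_online_guessing(server, user, wrong_passwords, interval_s=1):
    """Send one wrong guess per interval and report how many the server actually
    evaluated versus how many the lock turned away unseen."""
    evaluated = rejected = 0
    for i, guess in enumerate(wrong_passwords):
        if server.authenticate(user, guess, now=i * interval_s) == "fail":
            evaluated += 1
        else:
            rejected += 1
    return {"evaluated": evaluated, "rejected_by_lock": rejected}


def max_online_guesses(policy: LockoutPolicy, seconds: int) -> int:
    """Upper bound on guesses against one account in `seconds`: each lock cycle
    yields at most `threshold` evaluated guesses followed by `lock_s` of silence."""
    cycles = seconds // policy.lock_s + 1
    return cycles * policy.threshold


def lockout_events(log):
    """Defender's view: count lockout records per user from the server log.
    An offline attack on a captured handshake produces no such records."""
    counts = defaultdict(int)
    for line in log:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields["result"] == "lockout":
            counts[fields["user"]] += 1
    return dict(counts)


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Search space of a uniformly random secret, for comparing an 8-character
    password with a 64-hex-digit (256-bit) PSK as the question does."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    server = AuthServer({"alice": "correct horse battery staple"})
    print(simulate_online_guessing(server, "alice", [f"guess{i}" for i in range(20)]))
    print(lockout_events(server.log))
    print("guesses/day against one account:", max_online_guesses(LockoutPolicy(), 86400))
    print("8-char alnum password bits:", round(keyspace_bits(8, 62), 1))
    print("64-hex-digit PSK bits:", keyspace_bits(64, 16))
```

Running it shows the contrast the answer draws: of 20 guesses only the first 5 are evaluated before the lock takes over, the lockout is recorded against the account, and the policy caps online guessing at a few hundred attempts per day per account; the keyspace figures are the question's comparison of a short password with a full-length PSK, which only matters offline where no lock applies.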
