Shmoocon Wi-Fi 2025

The shmoocon-wpa network uses WPA-PEAP Enterprise Authentication; this means to use the encrypted network, you’ll need to create a login.

Create a login for the shmoocon-wpa network.

How do I configure my system to use the shmoocon-wpa network?

Here’s some quick guides for different operating systems:

• Linux
• OSX
• iOS
• Android
• Windows

What if I forgot my username or password?

Just make another.

Why does Shmoocon use WPA Enterprise?

WPA Enterprise is much harder to set up than normal WPA with passwords, so why are we using it?

There is a major problem with traditional WPA: it assumes that the password is kept secret. This works just fine for private home networks where only a handful of trusted people know the WPA password; If the password is publicly known, it’s trivial to spoof the Wi-Fi network and bring up hostile access points.

To offer a more secure wireless network, Shmoocon uses the Enterprise variant of WPA, specifically WPA-PEAP. This uses radius (a user authentication server) in the backend, and instead of authenticating by the WPA password, it authenticates by a username and password and the SSL certificate of the radius server. By configuring your system to trust ONLY this certificate, it’s much harder to spoof the shmoocon-wpa network.

The PEAP login requires a username and password, which is why we ask you to create one here; the login keeps the radius server happy. You do NOT need to provide your real name, real preferred account, or any other information - you only need to make some combination of username and password that you remember. In fact, we recommend you do NOT use personally identifiable account names, and you should never re-use passwords!

Why do I have to install a certificate?

Different operating systems handle the radius authentication differently; Fortunately, modern platforms do not require you install the certificate system-wide. The certificate you install should be used for Wi-Fi only, and some operating systems are able to use the fingerprint of the certificate without having to install the complete certificate at all.

Older operating systems, like Windows 7, require installation of the certificate system-wide as a trusted certificate authority. If you’re using an older system, you should strongly consider using the shmoocon-open network and a VPN, instead.

How secure is the WPA network?

If your laptop is configured properly (specifically, configured to ONLY trust the radius certificate from this site), it will be very difficult for someone to directly attack your Wi-Fi connection, but PLEASE REMEMBER: This is still a hacker con network. We can only do so much to protect traffic… assuming you trust US in the first place!

If you misconfigure your system, such as not configuring the SSL certificate for the radius connection, it becomes possible to man-in-the-middle your connection, so be sure to follow the directions!

Once your traffic leaves the Shmoocon network, it is handed off to the hotel infrastructure and the hotel ISP, which of course we cannot provide assurances for.

We STRONGLY recommend you use a VPN, SSH, or other strong encryption - which isn’t just a good idea at a con, but in general.

VPN

We STRONGLY recommend you use a VPN, SSH tunneling, or other strong encryption, regardless of if you use the open Wi-Fi network or the WPA network. It’s not just a good idea at a con, but in general.

There are plenty of commercial VPN services out there, or you can easily create your own; some good resources include:

• Digital Ocean OpenVPN, an excellent tutorial for getting OpenVPN running on a DO Droplet (or on any other system)
• AlGo, the Trail of Bits automatic IPSec VPN provisioning tool