[telgareith]

Or just enable "WPA-enterprise" and have it rotate keys. Then you not only have device certificates, you also have per user authentication. And if somebody missed it- rotating keys. They can change faster than they can be cracked. Then you can also layer VPNs ontop of that...

All of which are standard, well known, and proven solutions.

What does that repo offer? With 400 stars, I doubt anybody has given it serious attention.

[sigmoid10]

You make it sound like you just have to flip a switch in your router's settings to enable it, but that is very far from the truth. For that to work you need a RADIUS server to handle credentials, a certificate authority if you want any useful kind of authenticity checks, a process for distributing said certificates and finally you need to configure all your access points. This is something that companies can (and should) have, but for home users it is overkill. Since this repo specifically targets home users, I suspect there is a place for this among enthusiasts who can't or don't want to go all the way on their home network.

[rurban]

No radius server needed, the builtin kernel module for wifi access points can do that easily.

[BenjiWiebe]

Do you mean hostapd? I'm not aware of any builtin kernel/modules doing AP stuff.

[rurban]

Right, hostapd. It has the radius functionality builtin you'd need for proper wifi enterprise functionality

[ewuhic]

Getting hostapd to work is ass in itself.

[rurban]

Yes, but much easier than with a full radius server