PDA

View Full Version : [OT but please someone puts me out of my misery] Using BT to authenticate w/ hostapd?



epoch1970
2016-05-13, 04:02
I was lucky last time I asked an OT question, I've asked this one elsewhere and only got (void) as an answer...

I have this Pi3 with me.
It is setup to offer an AP for local use (the range is about 15m. or so, that's what I want.)
Currently it's open to any MAC, as long as you know the password. I don't like that because of visitors and password management.

I don't want to whitelist visitors. I don't want to corral them in a sandbox. I don't want an HTTP redirect la hotspot, it doesn't resolve the password management thing.
I'd want (I think) something like WDS, but it has to work on the Pi 3 and on any type of mobile device.

Here is the idea I have that gets no response whatsoever... and I'd really like someone to tell me why this is stupid or stellar :)
1) The Pi 3 has BT built-in. BT is shorter range than wifi
2) Possible authentication scheme: start wifi + BT on mobile device, get close to the Pi. The Pi reads the BT MAC (or some device ID?) and stores it. Now connect to hostapd. Hostapd asks the BT-managing daemon if the mobile's ID is known already. If it is, let it log in for X hrs.

This would give me an "open AP" but only to people that were allowed to come close to the Pi. I am replacing digital protection with physical protection.

I can't find any software that vaguely implements this idea. Will someone here tell me why?

You can be rude. I'm French.

rkrug
2016-05-13, 04:51
epoch1970 <epoch1970.7fnmgn (AT) no-mx (DOT) forums.slimdevices.com> writes:

> I was lucky last time I asked an OT question, I've asked this one
> elsewhere and only got (void) as an answer...
>
> I have this Pi3 with me.
> It is setup to offer an AP for local use (the range is about 15m. or so,
> that's what I want.)
> Currently it's open to any MAC, as long as you know the password. I
> don't like that because of visitors and password management.
>
> I don't want to whitelist visitors. I don't want to corral them in a
> sandbox. I don't want an HTTP redirect la hotspot, it doesn't resolve
> the password management thing.
> I'd want (I think) something like WDS, but it has to work on the Pi 3
> and on any type of mobile device.
>
> Here is the idea I have that gets no response whatsoever... and I'd
> really like someone to tell me why this is stupid or stellar :)
> 1) The Pi 3 has BT built-in. BT is shorter range than wifi
> 2) Possible authentication scheme: start wifi + BT on mobile device, get
> close to the Pi. The Pi reads the BT MAC (or some device ID?) and stores
> it. Now connect to hostapd. Hostapd asks the BT-managing daemon if the
> mobile's ID is known already. If it is, let it log in for X hrs.
>
> This would give me an "open AP" but only to people that were allowed to
> come close to the Pi. I am replacing digital protection with physical
> protection.
>
> I can't find any software that vaguely implements this idea. Will
> someone here tell me why?

No idea - maybe this explains it?

http://android.stackexchange.com/questions/86593/single-authentication-for-wifi-bluetooth-and-nfc

Rainer

>
> You can be rude. I'm french.
>
>
>
> 3 SB 3 Libratone Loop, Zipp Mini iPeng (iPhone + iPad) LMS 7.9
> (linux) with plugins: CD Player, WaveInput, Triode's BBC iPlayer by bpa
> IRBlaster by Gwendesign (Felix) Server Power Control by Gordon
> Harris Smart Mix, Music Walk With Me, What Was That Tune? by Michael
> Herger PowerSave by Jason Holtzapple Song Info, Song Lyrics by
> Erland Isaksson AirPlay Bridge by philippe_44 WeatherTime by Martin
> Rehfeld Auto Dim Display, SaverSwitcher, ContextMenu by Peter Watkins.
> ------------------------------------------------------------------------
> epoch1970's Profile: http://forums.slimdevices.com/member.php?userid=16711
> View this thread: http://forums.slimdevices.com/showthread.php?t=105590
>
>

srasher
2016-05-13, 05:09
Please forgive me if this is not at all helpful but what came immediately to my mind is that there are solutions to "sending the WiFi password to a phone by NFC". So a very quick Google search gives this as the first result:

http://fieldguide.gizmodo.com/share-your-home-wi-fi-easily-using-an-nfc-tag-or-qr-cod-1624327128

Maybe you have to refine this and maybe NFC is not the answer but something similar is possible with BT. Just a quick thought. You're also allowed to be rude if this reply is complete non-sense ;-)

Cheers,
Seb

mherger
2016-05-13, 05:13
You're totally OT. So please post elsewhere.

But as you've already posted, I'll add my 5 centimes, too :-).

If you spoke German, you should try to get the latest magazine c't (or
buy the article online
http://www.heise.de/ct/ausgabe/2016-10-Raspberry-Pi-als-Gaeste-WLAN-Automat-3185167.html).
They describe a different way to address the same/similar problem: they
created a guest access point using a Pi3 - and a display. It would
create new keys on a daily basis (could be a different interval, of
course), then provide a QR code to configure the client devices.

I'm sure this approach can be found documented somewhere else, too.

--

Michael

epoch1970
2016-05-13, 05:46
Guys, you're just great. Thanks!

UPDATE: Heh. My 1st assumption is wrong (in practice.) I can discover the Pi over BT through walls, that's not too good for what I had in mind (thanks to you).
The C't guys are probably wise to use visual range. A screen is costly though...