Content deleted Content added
ClueBot NG (talk | contribs) m Reverting possible vandalism by 174.215.219.207 to version by Trappist the monk. Report False Positive? Thanks, ClueBot NG. (4248778) (Bot) |
Citation bot (talk | contribs) Removed parameters. | Use this bot. Report bugs. | #UCB_CommandLine |
||
Line 41:
A CA certificate must be used at each client to authenticate the server to each client before the client submits authentication credentials. If the CA certificate is not validated, in general it is trivial to introduce a fake Wireless Access Point which then allows gathering of [[MS-CHAPv2]] handshakes.<ref name="Man-in-the-Middle in Tunneled Authentication Protocols">{{cite web|title=Man-in-the-Middle in Tunneled Authentication Protocols|url=//eprint.iacr.org/2002/163.pdf|publisher=Nokia Research Center|accessdate=14 November 2013}}</ref>
Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.<ref>{{Cite web |date=2016-03-16 |title=Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate |url=https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |archive-url=https://web.archive.org/web/20160316174007/https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |archive-date=2016-03-16 |access-date=2022-10-19
== PEAPv1 with EAP-GTC ==
| |||