Content deleted Content added
Citation bot (talk | contribs) Removed parameters. | Use this bot. Report bugs. | #UCB_CommandLine |
m →PEAPv0 with EAP-MSCHAPv2: link to Dynamic encryption |
||
Line 37:
Behind [[EAP-TLS]], PEAPv0/EAP-MSCHAPv2 is the second most widely supported EAP standard in the world. There are client and server implementations of it from various vendors, including support in all recent releases from [[Microsoft]], [[Apple Computer]] and [[Cisco Systems|Cisco]]. Other implementations exist, such as the [[xsupplicant]] from the Open1x.org project, and [[wpa_supplicant]].
As with other 802.1X and EAP types, [[dynamic encryption]] can be used with PEAP.
A CA certificate must be used at each client to authenticate the server to each client before the client submits authentication credentials. If the CA certificate is not validated, in general it is trivial to introduce a fake Wireless Access Point which then allows gathering of [[MS-CHAPv2]] handshakes.<ref name="Man-in-the-Middle in Tunneled Authentication Protocols">{{cite web|title=Man-in-the-Middle in Tunneled Authentication Protocols|url=//eprint.iacr.org/2002/163.pdf|publisher=Nokia Research Center|accessdate=14 November 2013}}</ref>
| |||