Revision as of 18:48, 14 August 2014 edit 128.172.52.254 (talk) No edit summary ← Previous edit		Revision as of 03:43, 22 August 2014 edit undo Chmarkine (talk \| contribs) 3,951 edits →PEAPv0 with EAP-MSCHAPv2: Since the server(s) support HTTPS, use protocol relative URL(s) (i.e. without http:) for these website(s): http://eprint.iacr.org/2002/163.pdf Next edit →
Line 36: As with other 802.1X and EAP types, dynamic encryption can be used with PEAP. A CA certificate must be used at each client to authenticate the server to each client before the client submits authentication credentials. If the CA certificate is not validated, in general it is trivial to introduce a fake Wireless Access Point which then allows gathering of [[MS-CHAPv2]] handshakes.<ref name="Man-in-the-Middle in Tunneled Authentication Protocols">{{cite web\|title=Man-in-the-Middle in Tunneled Authentication Protocols\|url=~~http:~~//eprint.iacr.org/2002/163.pdf\|publisher=Nokia Research Center\|accessdate=14 November 2013}}</ref> On recent hardware those handshakes can be cracked quickly. == PEAPv1 with EAP-GTC ==

Protected Extensible Authentication Protocol: Difference between revisions