Protected Extensible Authentication Protocol: Difference between revisions

Stndip (talk | contribs)
m added missing word
Line 30:
 
==PEAPv0 with EAP-MSCHAPv2==
MS-CHAP2 is an old authentication protocol which Microsoft introduced with NT4.0 SP4 and Windows 98.
 
PEAPv0/EAP-MSCHAPv2 is the most common form of PEAP in use, and what is usually referred to as PEAP. The inner authentication protocol is [[Microsoft]]'s [[MS-CHAPv2|Challenge Handshake Authentication Protocol]], meaning it allows authentication to databases that support the MS-CHAPv2 format, including Microsoft NT and Microsoft Active Directory.
 
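Review bot: the opening sentence of this hunk names the protocol "MS-CHAP2" while the following paragraph and the wikilink target use "MS-CHAPv2"; pick one spelling, and the statement that Microsoft introduced it with NT4.0 SP4 and Windows 98 has no citation attached. The piped link [[MS-CHAPv2|Challenge Handshake Authentication Protocol]] also displays a name broader than its target; "[[Microsoft]]'s [[MS-CHAPv2]]" would read more precisely.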
Line 36 ⟶ 38:
As with other 802.1X and EAP types, dynamic encryption can be used with PEAP.
 
A CA certificate must be used at each client to authenticate the server to each client before the client submits authentication credentials. If the CA certificate is not validated, in general it is trivial to introduce a fake Wireless Access Point which then allows gathering of [[MS-CHAPv2]] handshakes.<ref name="Man-in-the-Middle in Tunneled Authentication Protocols">{{cite web|title=Man-in-the-Middle in Tunneled Authentication Protocols|url=//eprint.iacr.org/2002/163.pdf|publisher=Nokia Research Center|accessdate=14 November 2013}}</ref> On recent hardware those handshakes can be cracked quickly.
 
Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.
 
== PEAPv1 with EAP-GTC ==
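Review bot: the sentence "Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks" carries no citation, unlike the certificate-validation sentence just above it, so the claim reads as unsupported; attach a reference there, or merge it with the cited statement that the handshakes "can be cracked quickly" so one source covers both. Two smaller points in the same hunk: the cite url "//eprint.iacr.org/2002/163.pdf" is protocol-relative and would be clearer as a full https URL, and "A CA certificate must be used at each client to authenticate the server to each client" repeats "each client"; "must be used at each client to authenticate the server" says the same thing.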