Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Can anyone tell me advantages/disadvantages of using one type of PEAP over another? If anyone has a nice, non-biased link that can sum it up that would be appreciated as well. Thanks.
Just wondering if this PEAP problem ever got cleared up. If the username is sent in the clear it seems we would have the same security hole that LEAP has. However, does EAP-FAST do anything more, or less, securely than PEAP?
Glad that cleared up. My next question for clarification is does PEAP (either version) send the username in clear text initially? If it does, why is it any more secure than LEAP?
I'm having a little bit of trouble understanding what you meant. If the username is transmitted in clear text before the TLS tunnel is built, then how come a wireless sniffer could not detect the username?
I am surprised to hear this about PEAP. I know LEAP had this issue of sending the username in plaintext, thus leading to it's recent vulnerabilities of offline dictionary attacks. The application asleap is said to be able to break the LEAP protocol...
