11-04-2004 02:38 PM - edited 07-04-2021 10:08 AM
Can anyone tell me advantages/disadvantages of using one type of PEAP over another? If anyone has a nice, non-biased link that can sum it up that would be appreciated as well. Thanks.
11-12-2004 05:05 PM
"If I do both machine and user, the machine ID AND user ID are both sent in the clear."
Why do you say the above?
My previous response is as follows:
"You can use two user names (i.e. machine ID and user ID) in PEAP MS-CHAP v2. Machine ID is sent in clear text. User ID is encrypted."
Do you mean that you see both machine ID and user ID in clear text in a wireless sniffer trace? If you have a wireless sniffer trace, please send it to me @ dixho@cisco.com
11-15-2004 02:15 PM
Just wondering if this PEAP problem ever got cleared up. If the username is sent in the clear it seems we would have the same security hole that LEAP has. However, does EAP-FAST do anything more, or less, securely than PEAP?
11-17-2004 05:02 PM
Yes. In the sniffer traces I can see both the machine & user authentications in the clear. Each authentication is handled as two separate EAP authentications. I'm sending the traces.
Rob
11-18-2004 06:36 AM
In that case, why is PEAP not prone to offline dictionary attacks?