Cisco PEAP vs. MS PEAP - Page 2

TerranceMcdonald · ‎11-04-2004

Can anyone tell me advantages/disadvantages of using one type of PEAP over another? If anyone has a nice, non-biased link that can sum it up that would be appreciated as well. Thanks.

dixho · ‎11-12-2004

"If I do both machine and user, the machine ID AND user ID are both sent in the clear."

Why do you say the above?

My previous response is as follows:

"You can use two user names (i.e. machine ID and user ID) in PEAP MS-CHAP v2. Machine ID is sent in clear text. User ID is encrypted."

Do you mean that you see both machine ID and user ID in clear text in a wireless sniffer trace. If you have a wireless sniffer trace, please send it to me @ dixho@cisco.com

TerranceMcdonald · ‎11-15-2004

Just wondering if this PEAP problem ever got cleared up. If the username is sent in the clear it seems we would have the same security hole that LEAP has. However, does EAP-FAST do anything more, or less, securely than PEAP?

rsumpter · ‎11-17-2004

Yes. In the sniffer traces I can see both the machine & user authentications in the clear. Each authentication is handled as two seperate EAP authentications. I'm sending the traces.

Rob

TerranceMcdonald · ‎11-18-2004

In that case, why is PEAP not prone to offline dictionary attacks?