Hi,

At 02:26 22/10/2004, Timolthy Keithy wrote:

Can anyone share brief details (main function) on how
they work:

EAP-TLS  = Extensible Authentication Protocol
EAP-TTLS   Tunneled Transport Layer Security
EAP-MD5

PEAP

LEAP = Lightweight Extensible Authentication Protocol

The google shows too much and too many RFCs that are very
hard to understand.

EAP is the Extensible Authentication Protocol, and it is really just a framework in which one plugs an EAP method. EAP runs over 802.1X on Wi-Fi and Ethernet networks (and over RADIUS or Diameter between the AP/switch and the auth server).


EAP-TLS, EAP-TTLS, EAP-MD5 and PEAP are EAP methods (as well as EAP-SIM, EAP-AKA, EAP-SRP, EAP-MSCHAP, and quite a few others).

EAP-TLS uses TLS for authentication and is certificate-based.
EAP-TTLS and PEAP do basically the same thing: they create a secure tunnel in which to run another EAP method. They are usually used in combination with an insecure method like EAP-MD5 that is password-based.
EAP-MD5 is the EAPized version of CHAP. It is password-based, but there are many known possible attacks, which make it totally unsuitable for wireless authentication unless it is tunnelled within EAP-TTLS or PEAP.


LEAP is a Cisco-proprietary authentication method. It does not run over EAP/802.1X but at the Wi-Fi "authentication" level. There are known issues with it. To be avoided.

Hope that helps,

Jacques.
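
The following is an added example, not part of the original post: a small parser for the EAP header that names the method in each packet and flags EAP-MD5 seen in the outer exchange, where it is by definition not tunnelled inside EAP-TTLS or PEAP. The header layout and type numbers are assumptions taken from RFC 3748 and the IANA EAP registry, and the sample packets are constructed.

```python
import struct

# Codes and method type numbers per RFC 3748 / IANA EAP registry (not from the post).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
METHODS = {
    1: ("Identity", "info"),
    4: ("EAP-MD5", "weak"),      # password-based, CHAP-style
    13: ("EAP-TLS", "ok"),       # certificate-based
    21: ("EAP-TTLS", "tunnel"),  # TLS tunnel carrying an inner method
    25: ("PEAP", "tunnel"),
}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) data]."""
    if len(pkt) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("Length field does not fit the packet")
    out = {"code": CODES.get(code, f"unknown({code})"), "id": ident,
           "method": None, "rating": None}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        name, rating = METHODS.get(pkt[4], (f"type-{pkt[4]}", "unknown"))
        out.update(method=name, rating=rating)
    return out

def audit(packets):
    """Return (id, code, method) for weak methods visible outside any tunnel."""
    findings = []
    for pkt in packets:
        info = parse_eap(pkt)
        # Inner methods of EAP-TTLS/PEAP are encrypted, so a weak type seen
        # here means the password exchange is exposed on the link.
        if info["rating"] == "weak":
            findings.append((info["id"], info["code"], info["method"]))
    return findings

def make_packet(code, ident, eap_type=None, data=b""):
    """Build a constructed sample packet for the demo below."""
    body = bytes([eap_type]) + data if eap_type is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

SAMPLE = [                                          # constructed, not captured
    make_packet(1, 1, 1),                           # Request/Identity
    make_packet(2, 1, 1, b"alice"),                 # Response/Identity
    make_packet(1, 2, 4, bytes([16]) + bytes(16)),  # EAP-MD5 challenge
    make_packet(1, 3, 25, b"\x20"),                 # PEAP start
    make_packet(3, 4),                              # Success
]
```
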

