Questions tagged [peap]

The Protected Extensible Authentication Protocol is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

Currently there are two standards:

PEAPv0/EAP-MSCHAPv2 (PEAPv0/EAP-MSCHAPv2 is the most common form of PEAP in use, and what is usually referred to as PEAP. The inner authentication protocol is Microsoft's Challenge Handshake Authentication Protocol, meaning it allows authentication to databases that support the MS-CHAPv2 format, including Microsoft NT and Microsoft Active Directory.)
PEAPv1/EAP-GTC (PEAPv1/EAP-GTC was created by Cisco to provide interoperability with existing token card and directory based authentication systems via a protected channel and is not supported by the Microsoft Windows Operating System natively.)

25 questions

votes

3 answers

Protection of eduroam credentials

Recently my educational institution officially switched over from the their own wireless network to eduroam. If I understand correctly from the FAQ, credential authentication is performed on the servers at my educational institution no matter where…

asked Aug 30 '15 at 16:36

rink.attendant.6

2,227
4
22
33

votes

1 answer

How does WPA2-Enterprise protect against an evil twin attack?

Original question title: What information do EAP-TLS certificates contain I recently read a couple of topics on stackoverflow, concerning the verification of Wi-Fi access points: How Are Wi-Fi access points verified? Why is a CA certificate…

tls wifi peap

asked Oct 14 '14 at 06:53

Michael

5,393
2
32
57

votes

2 answers

Is EAP-MSCHAP v2 secure?

I am in a process of enforcing more strict VPN access policy after learning about the attack on PPTP with MSCHAP v2. Basically this I will be disabling the traditional PPP authentication methods and using an EAP method instead. Windows provides…

vpn peap

asked Sep 15 '13 at 19:13

billc.cn

3,852
1
16
24

votes

1 answer

Hotspot with same SSID, how does authorization work?

My university has a wireless network I log into with my username and password. It's using PEAP. My phone and laptop automatically connect to this SSID when they detect the network. If someone sets up a hotspot using the same SSID and my phone or…

authentication wifi wireless authorization peap

asked Sep 24 '13 at 18:48

Jochem Kuijpers

votes

3 answers

How does EAP/PEAP integrate with modern security protocols?

How exactly does Extensible Authentication Protocol (EAP)/Protected EAP integrate into modern security protocols? What I know (or not know) so far... It's used by wireless networks utilizing authentication methods based upon Point to Point Protocol…

authentication wireless peap

asked Oct 02 '14 at 19:27

RoraΖ

12,317
4
51
83

votes

2 answers

Is it possible for an 802.1x network (PEAP/MSCHAPv2) to have no certificate?

Is it possible for an 802.1x network (PEAP/MSCHAPv2) to have no certificate (CA, user, or otherwise)? If so, what are the security implications? The reason I ask is: I'm regularly connecting to a particular organization's WLAN and I'm under the…

authentication certificates 802.1x peap wpa-enterprise

asked Mar 29 '18 at 04:16

voices

1,649
7
22
36

votes

4 answers

How much of a risk to students is an open WiFi network on campus? EDIT: please read in full.

I've been battling bureaucracy at my community college for months on this issue; a few months ago, they changed security on the SSID for students; It used to use EAP, allowing students to enter their academic credentials once in their native Wi-Fi…

encryption network wifi vulnerability peap

asked Nov 19 '14 at 21:30

Aaron Rosenfeld

votes

2 answers

Certificate validation with 802.1x PEAP

I recently learned about how WPA-PSK works. If I understand correctly, the 4-way handshake enables the protocol to ensure mutual possession of the PMK (and therefor, the PSK) without sending the PMK/PSK over. This way it's not susceptible to a…

authentication wifi wpa2 radius peap

asked Aug 11 '14 at 14:50

Compizfox

votes

1 answer

Is it necessary to use PEAP for L2TP/IPsec?

This is a sister question of Is EAP-MSCHAP v2 secure?. Based on my understanding, IPsec should have authenticated the server (we're using PKI) and secured the rest of the protocols before the user authentication takes place, so there's no need to…

vpn ipsec peap

asked Sep 15 '13 at 19:19

billc.cn

3,852
1
16
24

votes

2 answers

Wireless Security: PEAP

I was wondering if there are any known attacks against PEAP used in wireless authentication/authorization? I'm specifically looking for attacks that would allow: bypassing the authentication session hijacking

wireless peap

asked Mar 13 '13 at 15:58

Lucas Kauffman

54,169
17
112
196

votes

2 answers

Decoding tunnel bytes in EAP-TLS or EAP-TTLS using Wireshark

I have a few pcaps of traffic for EAP-TTLS conversation, carried by RADIUS. I also have some being carried by EAPoL, but I think the answer to that case might be even less straightforward (though perhaps not necessarily so). In both cases I can view…

authentication wpa2 wireshark wep peap

asked Oct 17 '14 at 16:05

robert

votes

2 answers

How to generate a MSK from IEEE 802.1X-2010

IEEE 802.1X-2010 states: "Generate an MSK of at least 64 octets, as required by IETF RFC 3748 [B14] Section 7.10, of which the first 16 or 32 octets are used by this standard as described in 6.2.2." RFC3748 states: "EAP method supporting key…

encryption tls peap

asked Oct 20 '20 at 07:09

MartyMcFly

votes

2 answers

EAP vs TLS authentication

I am having trouble understanding the point of EAP. EAP is an authentication framework, which defines several TLS based methods and encapsulations like EAP-TLS, EAP-TTLS and PEAP. These all require the server/authenticator to have a certificate…

tls authentication wpa2-eap peap

asked Jan 09 '20 at 16:28

Sylvester

votes

0 answers

Change default EAP type in hostapd

I'm trying to change the default EAP type in hostapd but I am not able to understand how to do that. Here's what I've found reading the hostapd.conf file: > # NAI Realm information > # One or more realm can be advertised. Each nai_realm line adds a…

network configuration peap 802.1x wpa2-eap

asked Apr 07 '17 at 17:56

JohnLocke

vote

0 answers

Tunnel after authentication is complete with EAP-TTLS or PEAP

After authentication is complete with EAP-TLS, EAP-TTLS or PEAP, what happens to the tunnel? Is it collapsed?

tls tunneling peap

asked Sep 11 '16 at 23:51

Heyro

2 Next