Questions tagged [peap]

The Protected Extensible Authentication Protocol is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

Currently there are two standards:

  • PEAPv0/EAP-MSCHAPv2: the most common form of PEAP in use, and what is usually referred to as PEAP. The inner authentication protocol is Microsoft's Challenge Handshake Authentication Protocol, meaning it allows authentication to databases that support the MS-CHAPv2 format, including Microsoft NT and Microsoft Active Directory.
  • PEAPv1/EAP-GTC: created by Cisco to provide interoperability with existing token card and directory-based authentication systems via a protected channel; it is not natively supported by the Microsoft Windows operating system.

Read more here: http://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol

25 questions
9
votes
3 answers

Protection of eduroam credentials

Recently my educational institution officially switched over from their own wireless network to eduroam. If I understand correctly from the FAQ, credential authentication is performed on the servers at my educational institution no matter where…
rink.attendant.6
9
votes
1 answer

How does WPA2-Enterprise protect against an evil twin attack?

Original question title: What information do EAP-TLS certificates contain I recently read a couple of topics on stackoverflow, concerning the verification of Wi-Fi access points: How Are Wi-Fi access points verified? Why is a CA certificate…
Michael
8
votes
2 answers

Is EAP-MSCHAP v2 secure?

I am in a process of enforcing more strict VPN access policy after learning about the attack on PPTP with MSCHAP v2. Basically this I will be disabling the traditional PPP authentication methods and using an EAP method instead. Windows provides…
billc.cn
7
votes
1 answer

Hotspot with same SSID, how does authorization work?

My university has a wireless network I log into with my username and password. It's using PEAP. My phone and laptop automatically connect to this SSID when they detect the network. If someone sets up a hotspot using the same SSID and my phone or…
Jochem Kuijpers
5
votes
3 answers

How does EAP/PEAP integrate with modern security protocols?

How exactly does Extensible Authentication Protocol (EAP)/Protected EAP integrate into modern security protocols? What I know (or not know) so far... It's used by wireless networks utilizing authentication methods based upon Point to Point Protocol…
RoraΖ
5
votes
2 answers

Is it possible for an 802.1x network (PEAP/MSCHAPv2) to have no certificate?

Is it possible for an 802.1x network (PEAP/MSCHAPv2) to have no certificate (CA, user, or otherwise)? If so, what are the security implications? The reason I ask is: I'm regularly connecting to a particular organization's WLAN and I'm under the…
voices
4
votes
4 answers

How much of a risk to students is an open WiFi network on campus? EDIT: please read in full.

I've been battling bureaucracy at my community college for months on this issue; a few months ago, they changed security on the SSID for students; It used to use EAP, allowing students to enter their academic credentials once in their native Wi-Fi…
4
votes
2 answers

Certificate validation with 802.1x PEAP

I recently learned about how WPA-PSK works. If I understand correctly, the 4-way handshake enables the protocol to ensure mutual possession of the PMK (and therefore, the PSK) without sending the PMK/PSK over. This way it's not susceptible to a…
Compizfox
3
votes
1 answer

Is it necessary to use PEAP for L2TP/IPsec?

This is a sister question of Is EAP-MSCHAP v2 secure?. Based on my understanding, IPsec should have authenticated the server (we're using PKI) and secured the rest of the protocols before the user authentication takes place, so there's no need to…
billc.cn
3
votes
2 answers

Wireless Security: PEAP

I was wondering if there are any known attacks against PEAP used in wireless authentication/authorization? I'm specifically looking for attacks that would allow: bypassing the authentication; session hijacking
Lucas Kauffman
2
votes
2 answers

Decoding tunnel bytes in EAP-TLS or EAP-TTLS using Wireshark

I have a few pcaps of traffic for EAP-TTLS conversation, carried by RADIUS. I also have some being carried by EAPoL, but I think the answer to that case might be even less straightforward (though perhaps not necessarily so). In both cases I can view…
robert
2
votes
2 answers

How to generate a MSK from IEEE 802.1X-2010

IEEE 802.1X-2010 states: "Generate an MSK of at least 64 octets, as required by IETF RFC 3748 [B14] Section 7.10, of which the first 16 or 32 octets are used by this standard as described in 6.2.2." RFC3748 states: "EAP method supporting key…
MartyMcFly
2
votes
2 answers

EAP vs TLS authentication

I am having trouble understanding the point of EAP. EAP is an authentication framework, which defines several TLS based methods and encapsulations like EAP-TLS, EAP-TTLS and PEAP. These all require the server/authenticator to have a certificate…
Sylvester
2
votes
0 answers

Change default EAP type in hostapd

I'm trying to change the default EAP type in hostapd but I am not able to understand how to do that. Here's what I've found reading the hostapd.conf file: > # NAI Realm information > # One or more realm can be advertised. Each nai_realm line adds a…
JohnLocke
1
vote
0 answers

Tunnel after authentication is complete with EAP-TTLS or PEAP

After authentication is complete with EAP-TLS, EAP-TTLS or PEAP, what happens to the tunnel? Is it collapsed?
Heyro