Should I use PAP, CHAP or MSCHAPv2 for inner authentication on eduroam?

1

There are countless instructions on how to connect to the eduroam network from various universities and research centres. They tend to differ in the recommendation regarding the inner authentication method. Below a screen-shot of the security screen of my wifi configuration. eduroam security config

  • PAP is considered insecure because it sends ASCII password unencrypted, but this may not be an issue since it's an inner authentication. I guess "inner" means that there is an outer layer of protection?
  • MSCHAPv2 is said to be an old authentication protocol
  • CHAP would be the one to choose?

Paul Rougieux

Posted 2016-03-09T10:16:20.797

Reputation: 167

what exactly is the problem? – aaaaa says reinstate Monica – 2016-03-09T10:26:22.820

@aaaaaa no problem, eduroam works for me with PAP inner authentication. But since I read it is insecure, I want to know if it's still OK to use PAP. – Paul Rougieux – 2016-03-09T10:54:39.567

Answers

3

You don't get to choose. The operator of the network decides whether you use PAP or MSCHAPv2. You can only use what the network operator tells you you should use.

In any case, PAP in this case is used inside a TLS tunnel. TLS is basically the gold standard in transport layer security on the web.

qasdfdsaq

Posted 2016-03-09T10:16:20.797

Reputation: 5 762

Asked: 2016-03-09T10:16:20.797

Viewed: 3 016 times

Active: 2016-03-09T11:13:24.820