Talk:Extensible Authentication Protocol

From Wikipedia, the free encyclopedia

You have new messages (last change).
Security protocols are inherently difficult to understand. Diagrams are helpful.
Security protocols are inherently difficult to understand. Diagrams are helpful.

This page seems to have some serious anti-Cisco slant, possibly to the extent that it violates NPOV. In particular, phrases such as 'Swallowing the Cisco Kool-Aid' have no place in an encyclopdiac entry. Yes, it is true that LEAP as well as MD5 are vulernable to dictionary attacks; however, this article makes such the assinine references that EAP-FAST is likewise going to be insecure which is true speculation and also has no place in this entry. --anon

Thanks for pointing that out: I've cut a few sentences that were blatant, but it still needs work, and the article is pretty hard to understand to boot. I've added a "cleanup" tag. — Matt Crypto 16:29, 24 Jun 2005 (UTC)
I apologize for that 'Swallowing the Cisco Kool-Aid' comment. This was my first contribution to the Wiki and it was a newbie mistake. I will be more careful in the future. -- George

The EAP should, according to IETF (see http://www3.ietf.org/proceedings/02mar/slides/eap-1/tsld010.htm), be pronounced as "ee ey pee". Schotti 03:22, 16 February 2006 (UTC)

[edit] Tagged Changed

This article seems pretty clean. I swapped out the cleanup for diagram becuase security protocols are inherently difficult to understand. --meatclerk 19:16, 23 July 2006 (UTC)

The data on the difference between PEAPv0 and PEAPv1 is wrong.

Both versions of PEAP support EAP subtypes and microsoft has an extension API allowing their use. Which supplicants support what by default or per supplicant implementation is not the same as saying they are not supported or various EAP subtypes that work in v0 can't work in v1 or vis versa. I've personally used EAP-GTC over PEAPv0 using the AEGIS supplicant.

The difference between v0 and v1 is that v0 uses a slightly different header format and v0 uses the eap type of EAP Extension (Type 33) to convey success/failure information. This is the ONLY difference between v0 and v1. From the users perspective neither version is better than the other. They both have the same capabilities and security properties and capabile of supporting the same subtypes.

The latest PEAP drafts define PEAPv2 which is similiar to v1 except that it adds a crypto binding between the inner EAP-PEAP-(EAP-??) method protected by PEAP and the keying material used in the PEAP handshake. This provides improved security.

Retrieved from "http://en.wikipedia.org../../../e/x/t/Talk%7EExtensible_Authentication_Protocol_8b34.html"