Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Running MSCHAPv2 as an EAP method has the same security considerations as running it without EAP.
Using the terminology of the Extensible Authentication Protocol (EAP) (see [RFC3748] section 7.2.1), the security claims of this specification are shown in the following table.
|
Authentication mechanism |
Password |
|---|---|
|
CipherSuite negotiation |
No |
|
Mutual authentication |
Yes |
|
Integrity protection |
Yes |
|
Replay protection |
Yes |
|
Confidentiality |
No |
|
Key derivation |
Yes |
|
Key strength |
Depends on password policy. |
|
Dictionary attack protection |
No |
|
Fast reconnect |
No |
|
Cryptographic binding |
N/A |
|
Session independence |
Depends on password policy. |
|
Fragmentation |
No |
|
Channel binding |
No |