EAP identity plain-text?
I'm looking into WPA, how it works, why it works, why it better than WEP, etc.
Now, for the authentication with authentication-servers, the EAP protocol is used. There are different varieties of EAP. As far as i can tell, in the EAP
handshake with the server (NOT the EAP 4-way handshake for key generation!)
the identity of the requester is sent in plain-text, unless EAP-TLS is used.
Can anyone confirm this, or am I missing something here?
could anything you're looking for be in:
(change the 0 in org to an "o")
Wikipedia decribes the different implementations of authentication methods using the EAP framework. I'm looking one step more into detail: what kind of packets are sent, what's in that packets and how useful is that?
Originally Posted by pools_closed
Look at this: rediris.3s/moviris/tecnologias/8021xchat.gif
(change the 3 in 3s to "e")
This looks like that the identity, thus the userID is sent in plaintext when a EAP session is initiated. And then we already have the half of the login credentials...