Results 1 to 3 of 3

Thread: EAP identity plain-text?

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    May 2007
    Posts
    8

    Default EAP identity plain-text?

    Hi guys,

    I'm looking into WPA, how it works, why it works, why it better than WEP, etc.

    Now, for the authentication with authentication-servers, the EAP protocol is used. There are different varieties of EAP. As far as i can tell, in the EAP
    handshake with the server (NOT the EAP 4-way handshake for key generation!)
    the identity of the requester is sent in plain-text, unless EAP-TLS is used.

    Can anyone confirm this, or am I missing something here?

  2. #2
    Just burned his ISO pools_closed's Avatar
    Join Date
    Jun 2007
    Posts
    18

    Default

    could anything you're looking for be in:

    en.wikipedia.0rg/wiki/Extensible_Authentication_Protocol


    (change the 0 in org to an "o")
    perhaps?

  3. #3
    Just burned his ISO
    Join Date
    May 2007
    Posts
    8

    Default

    Quote Originally Posted by pools_closed View Post
    could anything you're looking for be in:

    en.wikipedia.0rg/wiki/Extensible_Authentication_Protocol


    (change the 0 in org to an "o")
    perhaps?
    Wikipedia decribes the different implementations of authentication methods using the EAP framework. I'm looking one step more into detail: what kind of packets are sent, what's in that packets and how useful is that?

    Look at this: rediris.3s/moviris/tecnologias/8021xchat.gif
    (change the 3 in 3s to "e")

    This looks like that the identity, thus the userID is sent in plaintext when a EAP session is initiated. And then we already have the half of the login credentials...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •