Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Protected Extensible Authentication Protocol
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Overview== PEAP is similar in design to [[EAP-TTLS]], requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses [[server-side]] [[public key certificate]]s to authenticate the server. It then creates an [[encryption|encrypted]] [[Transport Layer Security|TLS]] [[tunneling protocol|tunnel]] between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping. As of May 2005, there were two PEAP sub-types certified for the updated [[Wi-Fi Protected Access|WPA]] and [[WPA2]] standard. They are: * PEAPv0/EAP-MSCHAPv2 * PEAPv1/EAP-GTC PEAPv0 and PEAPv1 both refer to the outer authentication method and are the mechanisms that create the secure TLS tunnel to protect subsequent authentication transactions. EAP-MSCHAPv2 and [[Extensible Authentication Protocol#EAP-GTC|EAP-GTC]] refer to the inner authentication methods which provide user or device authentication. A third authentication method commonly used with PEAP is [[Extensible Authentication Protocol#EAP-SIM|EAP-SIM]]. Within Cisco products, PEAPv0 supports inner EAP methods EAP-MSCHAPv2 and EAP-SIM while PEAPv1 supports inner EAP methods EAP-GTC and EAP-SIM. Since Microsoft only supports PEAPv0 and doesn't support PEAPv1, Microsoft simply calls it "PEAP" without the v0 or v1 designator. Another difference between Microsoft and Cisco is that Microsoft only supports the EAP-MSCHAPv2 method and not the EAP-SIM method. However, Microsoft supports another form of PEAPv0 (which Microsoft calls PEAP-EAP-TLS) that many Cisco and other third-party server and client software don't support. PEAP-EAP-TLS requires client installation of a [[client-side]] [[digital certificate]] or a more secure smartcard. PEAP-EAP-TLS is very similar in operation to the original EAP-TLS but provides slightly more protection because portions of the client certificate that are unencrypted in EAP-TLS are encrypted in PEAP-EAP-TLS. Ultimately, PEAPv0/EAP-MSCHAPv2 is by far the most prevalent implementation of PEAP, due to the integration of PEAPv0 into [[Microsoft Windows]] products. Cisco's CSSC client (discontinued in 2008 <ref>{{Cite web|title=End-of-Sale and End-of-Life Announcement for the Cisco Secure Services Client v4.0|url=https://www.cisco.com/c/en/us/products/collateral/wireless/secure-services-client/EOL_c51-459086.html|access-date=2021-05-04|website=Cisco|language=en}}</ref>) now supports PEAP-EAP-TLS. PEAP has been so successful in the market place that even [[Funk Software]] (acquired by [[Juniper Networks]] in 2005), the inventor and backer of [[EAP-TTLS]], added support for PEAP in their server and client software for wireless networks.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)