
EAPMD5

EAP-MD5 is an Extensible Authentication Protocol (EAP) method that uses the MD5 hash function to perform a challenge-response authentication between a client and an authenticator, typically within PPP connections or wireless networks. It is one of the older EAP methods and does not require public key certificates.

In operation, the authenticator issues a one-time challenge to the peer, along with an EAP identifier. The peer then computes an MD5 hash from a combination of the challenge, the identifier, and the user’s password, and returns this 16-byte hash as the authentication response, often together with the username. The server or authenticator can verify the response by performing the same MD5 calculation with the known password. If the calculated hash matches, authentication succeeds.

Security considerations for EAP-MD5 are significant. It provides only peer-to-network authentication and offers no mutual authentication or key establishment for subsequent traffic. While the actual password is not sent in the clear, the captured MD5 challenge-response can be subjected to offline dictionary or brute-force attacks. There is also no built-in mechanism for deriving per-session keys, making it unsuitable for modern confidentiality and integrity requirements.

Deployment and status: EAP-MD5 saw usage in early wireless and PPP deployments but has largely been superseded by stronger EAP methods, such as EAP-TLS and PEAP or EAP-TTLS with certificates or protected inner methods. Some legacy systems may still support it for compatibility, but it is generally not recommended for new installations.

See also: Extensible Authentication Protocol, MD5, EAP-TLS, PEAP.
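
The challenge-response exchange described on this page, as an added example that is not part of the original page: it encodes the Request and Response packets and performs the authenticator-side check. It assumes the RFC 3748 MD5-Challenge packet layout and the CHAP-style ordering MD5(Identifier || password || Challenge); the function names and the sample password, username and identifier are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4


def build_md5_packet(code: int, identifier: int, value: bytes, name: bytes = b"") -> bytes:
    """Encode Code, Identifier, Length, Type=4, Value-Size, Value, Name."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_md5_packet(packet: bytes):
    """Return (code, identifier, value, name); raise ValueError if malformed."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 6 or length > len(packet) or packet[4] != EAP_TYPE_MD5:
        raise ValueError("not a well-formed EAP-MD5 packet")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("Value-Size exceeds packet length")
    return code, identifier, packet[6:6 + size], packet[6 + size:length]


def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Assumed ordering: MD5(Identifier || password || Challenge), 16 bytes."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def verify(request: bytes, response: bytes, password: bytes) -> bool:
    """Authenticator-side check of a Response against the Request it issued."""
    req_code, req_id, challenge, _ = parse_md5_packet(request)
    rsp_code, rsp_id, value, _ = parse_md5_packet(response)
    if req_code != EAP_REQUEST or rsp_code != EAP_RESPONSE or rsp_id != req_id:
        return False
    return hmac.compare_digest(value, md5_response(req_id, password, challenge))


if __name__ == "__main__":
    password = b"constructed-sample-password"  # constructed value, not from the page
    request = build_md5_packet(EAP_REQUEST, 0x2A, os.urandom(16))
    _, ident, challenge, _ = parse_md5_packet(request)
    response = build_md5_packet(EAP_RESPONSE, ident, md5_response(ident, password, challenge), b"alice")
    print("correct password:", verify(request, response, password))
    print("wrong password:  ", verify(request, response, b"other"))
```

Every input to `md5_response` except the password travels in the clear in the two packets, and `verify` yields only a boolean with no key material for later traffic.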