TLS and MD5 with hostapd

Sam Leffler sam at errno.com
Mon Feb 9 11:24:14 EST 2004


On Monday 09 February 2004 08:10 am, Brian Beattie wrote:
> On Mon, 2004-02-09 at 01:41, Jim Thompson wrote:
> > No, you don't want to use EAP/MD5 for 802.11.
> >
> > Jim
>
> And Jim knows everything, juts ask him.
>
> So Jim, would you care to enlighten us as to why Brade does not want to
> use EAP/MD5?  or should we just take your word for it?

A quick google search found several papers that explained how+why EAP-MD5 is 
prone to attacks in a shared-channel environment.  In fact folks are trying 
to get it removed from 802.1i1i.

	Sam




More information about the HostAP mailing list