On Fri, Apr 07, 2017 at 07:39:48PM +0000, Brian Julin wrote:
Haven't seen one. Really we need some bored retiree to start a beer money kickstarter to test and maintain giant compatibility tables, not just for this, but for all the nuances of wifi chipsets.
If they started at retiring age they'd be dead before it was even half finished if chipsets are included.
PAP should only be used when confined to unsniffable internal administrative networks... there's no good reason to use it elsewhere as all it will do is expose your user's passwords, which is worse than having no password security at all.
Nowt really wrong with PAP inside EAP/TTLS. At least, no worse than MSCHAPv2. With PAP the password is encrypted inside TTLS, and you can store it securely on the server. With MSCHAPv2 it's the same level of encryption over the wire (as the MSCHAPv2 is easy to break), *and* you have to store easy to break NTLM hashes on the server. i.e. EAP-TTLS/PAP is arguably more secure. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>