Hello,
This is clear for me. Are there are any EAP flavor that uses strong hash and can handle SSID spoofing well?
EAP-TLS brings all the security you ever want with its use of client certificates. It also brings all the complexities of cert management you do not want though. EAP-pwd is password-based but the passwords never travel over the wire. probably this is what you want. It's comparatively "brand new" though, and you need to pay some attention if your envisaged client devices all support it. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66