15 Jul
2016
15 Jul
'16
1:20 p.m.
On 15/07/16 16:52, Arran Cudbard-Bell wrote:
No. All modern supplicants and authentication clients use MSCHAPv2.
Sounds promising.
The most common applications are PEAPv0 and PPTP.
There's not a huge advantage in storing unsalted MD4 hashed passwords.
In terms of security? It ticks the box marked "did the best we could". And it does protect those who use long passwords. And we might yet enforce stricter password strengths - the original rules were designed to deal with (slow) *on-line* attacks.