PEAP vs. TTLS and forward secrecy (was: Re: WPA2 Client Authentication using Radius and remote LDAP server)
Alan DeKok
aland at deployingradius.com
Thu Sep 20 16:46:45 CEST 2018
On Sep 20, 2018, at 10:26 AM, Hans-Christian Esperer <hc at hcesperer.org> wrote:
>>
>> Not a lot. They're both based on EAP-TLS, so they share that security.
>
> Okay, thank you. I know this is not related to this thread anymore, but could
> you elaborate a bit on the "Not a lot"?
They can both carry MS-CHAP inside of the TLS tunnel. Only TTLS can do PAP or CHAP, or other EAP methods. PEAP can do EAP-GTC, which is sort of PAP if you look hard enough.
Both can do client certificates, though Windows doesn't support it.
> Another question, while we're at it: I just read about WPA3 and realized that
> WPA2-PSK does not offer forward secrecy. AFAICT EAP-TLS, TTLS and PEAP *do*
> provide forward secrecy, as long as the TLS handshake establishes a session key
> via diffie hellman. Correct?
>
> Now I wonder whether EAP-PWD, which uses a PSK per user, also provides forward
> secrecy? My assumption is that it doesn't.
Forward secrecy depends on the cipher suite you select. So "it all depends" is the best answer.
Alan DeKok.
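The "it all depends" above comes down to the key-exchange field of the negotiated TLS cipher suite. The following is an added example, not code from the post or from FreeRADIUS: it classifies IANA cipher-suite names by whether their key exchange is ephemeral Diffie-Hellman, and `SAMPLE_SUITES` is a constructed list standing in for what a server might be configured to offer.

```python
# Added example (not code from the original post or from FreeRADIUS): decide
# forward secrecy from the key-exchange field of an IANA TLS cipher-suite name.
from dataclasses import dataclass

# TLS 1.3 suites (RFC 8446) name only the AEAD and hash; the key exchange is
# always ephemeral (EC)DHE, so they are forward secret by construction.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}


@dataclass(frozen=True)
class Verdict:
    suite: str
    key_exchange: str   # the field between "TLS_" and "_WITH_"
    forward_secret: bool


def classify(suite: str) -> Verdict:
    if suite in TLS13_SUITES:
        return Verdict(suite, "(EC)DHE (TLS 1.3)", True)
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"not an IANA TLS suite name: {suite}")
    kx = suite[len("TLS_"):suite.index("_WITH_")]   # e.g. ECDHE_RSA, RSA, PSK
    # Ephemeral Diffie-Hellman (DHE/ECDHE, incl. the unauthenticated *_anon
    # suites) gives forward secrecy. Static RSA key transport, static (EC)DH
    # and plain PSK do not: the long-term key or PSK recovers past sessions.
    ephemeral = kx.startswith(("DHE_", "ECDHE_")) or kx in ("DH_anon", "ECDH_anon")
    return Verdict(suite, kx, ephemeral)


def without_forward_secrecy(suites):
    """Suites from an offered list that defeat forward secrecy if negotiated."""
    return [s for s in suites if not classify(s).forward_secret]


# Constructed sample: a mixed list of the kind a server might be configured with.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # static RSA: no forward secrecy
    "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",  # PSK-authenticated, ECDHE-keyed
    "TLS_PSK_WITH_AES_128_CBC_SHA",           # plain PSK: no forward secrecy
]

if __name__ == "__main__":
    for v in map(classify, SAMPLE_SUITES):
        print("PFS" if v.forward_secret else "---", v.key_exchange.ljust(18), v.suite)
```

The PSK rows illustrate the EAP-PWD question: a pre-shared secret alone gives no forward secrecy, while a PSK combined with an ephemeral (EC)DHE exchange does.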