Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant

malk at sidehack.sat.gweep.net malk
Thu Feb 3 09:15:44 PST 2005


Let's try again w/ the right e-mail list addr :)

Forwarded message:
> From malk  Thu Feb  3 01:01:16 2005
> Message-ID: <20050203060115.90982.qmail at sidehack.sat.gweep.net>
> From: malk at sidehack.sat.gweep.net
> Subject: Success: hostapd 1.3.5, madwifi, internal EAP-PEAP/MSCHAPv2 w/ WinXP supplicant
> To: hostap at schmoo.com
> Date: Thu, 3 Feb 2005 01:01:15 -0500 (EST)
> Cc: malk at gweep.net
> X-Mailer: ELM [version 2.5 PL6]
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> 
> As the subject says, I've got hostapd 0.3.5 latest devel release working
> with madwifi (02/01/2005 CVS sync) with EAP-PEAP/MSCHAPv2 with the built
> in 802.1x auth w/ Windows XP pro client.  I'm supplying a
> username/password/domain (the test one under phase 2 of the eapusers
> config file) to authenticate and I've got WEP broadcast and unicast
> re-keying active (changing keys every minute) and from the logging it
> all seems to be working just fine.
> 
> I couldn't get the WinXP client to authenticate with MSCHAPv2 w/ only a 
> username and password -- it seems I need to supply a DOMAIN for auth
> to work.
> 
> Correct me if I'm wrong, but this should be pretty secure -- the 128 bit
> WEP keys are changing every minute for traffic, and the 802.1x auth EAP
> packets are tunneled in PEAP which are exchanged in an SSL style manner?
> (hence a "tunnel" like setup)
> 
> Plus the password within the PEAP SSL encryption is MSCHAPv2 so yet 
> another layer of auth security -- pretty tough to break the SSL session
> plus the MSCHAPv2 to get the credentials.
> 
> Seems if someone breaks a WEP key, it's only good until the next re-key
> which I've configured for 60 seconds.   I would think it would be impractical
> to try and break in and use the network...
> 
> Way cool ... I'm hoping I'll have time to get the radius based setup working.
> Since the internal authenticator is new I thought I'd report success.
> 
> -Eric Malkowski
> 
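
A check for the settings the message describes (802.1X on, internal EAP server, 128-bit WEP keys, 60-second re-keying), added here as an example; it is not part of the original post or of hostapd. The sample configuration and the `eap_user_file` path are constructed, and accepting either `eap_authenticator` or `eap_server` is an assumption about which key a given hostapd release uses.

```python
# Added example, not from the post: audit a hostapd.conf for the setup described.
# Keys are hostapd.conf option names; which of eap_authenticator (older name)
# or eap_server a given release accepts is an assumption, so both are checked.

SAMPLE_CONF = """\
# constructed sample, not the poster's actual file
ieee8021x=1
eap_authenticator=1
eap_user_file=/etc/hostapd.eap_user
wep_key_len_broadcast=13
wep_key_len_unicast=13
wep_rekey_period=60
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf, max_rekey=60):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if conf.get("ieee8021x") != "1":
        findings.append("ieee8021x is not enabled")
    if "1" not in (conf.get("eap_authenticator"), conf.get("eap_server")):
        findings.append("internal EAP server is not enabled")
    if not conf.get("eap_user_file"):
        findings.append("eap_user_file is not set")
    for key in ("wep_key_len_broadcast", "wep_key_len_unicast"):
        if conf.get(key) != "13":  # 13 bytes = 104-bit key + 24-bit IV
            findings.append(f"{key} is not 13 (128-bit WEP)")
    try:
        period = int(conf.get("wep_rekey_period", "0"))
    except ValueError:
        period = 0
    if period <= 0:  # 0 means hostapd does not rekey
        findings.append("wep_rekey_period disabled: WEP keys never rotate")
    elif period > max_rekey:
        findings.append(f"wep_rekey_period={period}s exceeds {max_rekey}s")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE_CONF))) or "no findings")
```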




