Intel 3945ABG Network Card User Manual


 
Message Digest 5 (MD5) is a one-way authentication method that uses user names and
passwords. This method does not support key management, but does require a pre-
configured key if data encryption is used. It can be safely deployed for wireless
authentication inside EAP tunnel methods.
TLS
A type of authentication method using the Extensible Authentication Protocol (EAP) and a
security protocol called the Transport Layer Security (TLS). EAP-TLS uses certificates which
use passwords. EAP-TLS authentication supports dynamic WEP key management. The TLS
protocol is intended to secure and authenticate communications across a public network
through data encryption. The TLS Handshake Protocol allows the server and client to provide
mutual authentication and to negotiate an encryption algorithm and cryptographic keys
before data is transmitted.
TTLS
These settings define the protocol and the credentials used to authenticate a user. In TTLS
(Tunneled Transport Layer Security), the client uses EAP-TLS to validate the server and
create a TLS-encrypted channel between the client and server. The client can use another
authentication protocol, typically password-based protocols, as MD5 Challenge over this
encrypted channel to enable server validation. The challenge and response packets are sent
over a non-exposed TLS encrypted channel. TTLS implementations today support all
methods defined by EAP, as well as several older methods (PAP, CHAP, MS-CHAP and MS-
CHAPv2). TTLS can easily be extended to work with new protocols by defining new attributes
to support new protocols.
Authentication Protocols
PAP: Password Authentication Protocol is a two way handshake protocol designed for
use with PPP. Authentication Protocol Password Authentication Protocol is a plain text
password used on older SLIP systems. It is not secure.
CHAP: Challenge Handshake Authentication Protocol is a three way handshake
protocol which is considered more secure than PAP (Password Authentication
Protocol).
MS-CHAP (MD4): Uses a Microsoft version of RSA Message Digest 4 challenge and
reply protocol. This only works on Microsoft systems and enables data encryption. This
authentication method causes all data to be encrypted.
MS-CHAP-V2: Iintroduces an additional feature not available with MSCHAPV1 or
standard CHAP authentication, the change password feature. This feature allows the
client to change the account password if the RADIUS server reports that the password
has expired.
PEAP