EAP-MD5 uses Message Digest 5 (MD5)-based challenge-response for authentication. With this method, the client identity is transmitted over the network, but the password itself is not sent. The server generates a random string and sends it to the user as a challenge. The client computes an MD5 hash of the challenge using its password as the key and returns the result. The server then authenticates the subscriber by verifying that MD5 hash against the user's password.

This type of authentication is well supported and provides a simple mechanism for authentication using usernames and passwords. It also does not burden the server or the client because of its lightweight processing requirements.

The drawbacks of using MD5 are the security weaknesses inherent in this authentication method. MD5 requires the storage of plain-text or reversible passwords on the authentication server. Microsoft is also phasing it out.
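The exchange and the storage requirement described above can be seen in a short added example (not code from the original text). It assumes the CHAP-style digest of RFC 1994 that EAP-MD5 follows, MD5(Identifier || password || Challenge); the function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os


def make_challenge(length: int = 16) -> bytes:
    """Server side: the random string sent to the client as the challenge."""
    return os.urandom(length)


def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Client side: MD5(Identifier || password || Challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(identifier: int, stored_secret: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the digest from the stored secret and compare.

    The recomputation needs the same bytes the client hashed, which is why
    the server must hold the password in plain-text or reversible form.
    """
    expected = md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(client_password: bytes, server_secret: bytes,
                 identifier: int = 1) -> bool:
    """One full round: challenge out, response back, server decision."""
    challenge = make_challenge()
    response = md5_response(identifier, client_password, challenge)
    return server_verify(identifier, server_secret, challenge, response)


# Constructed sample data (not from the original text).
PASSWORD = b"correct horse battery"
# What a server would hold if it kept only a salted one-way hash at rest.
HASHED_AT_REST = hashlib.sha256(b"constructed-salt" + PASSWORD).digest()

if __name__ == "__main__":
    print("plain-text store, right password:", run_exchange(PASSWORD, PASSWORD))
    print("plain-text store, wrong password:", run_exchange(b"guess", PASSWORD))
    # A one-way hashed store cannot reproduce the client's digest, so even
    # the correct password fails to verify.
    print("hashed store, right password:   ", run_exchange(PASSWORD, HASHED_AT_REST))
```

Only the identity, the challenge, and the 16-byte digest cross the network; the last case shows why a server that stores only one-way password hashes cannot run this method.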

Figure 17-5 shows the MD5 authentication process in an 802.1x environment.
