Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

5.1 Security Considerations for Implementers

Running MSCHAPv2 as an EAP method has the same security considerations as running it without EAP.

Using the terminology of the Extensible Authentication Protocol (EAP) (see [RFC3748] section 7.2.1), the security claims of this specification are shown in the following table.

Authentication mechanism

Password

CipherSuite negotiation

No

Mutual authentication

Yes

Integrity protection

Yes

Replay protection

Yes

Confidentiality

No

Key derivation

Yes

Key strength

Depends on password policy.

Dictionary attack protection

No

Fast reconnect

No

Cryptographic binding

N/A

Session independence

Depends on password policy.

Fragmentation

No

Channel binding

No

Show:
© 2015 Microsoft