Forum

  • By Sathwik - edited: January 19, 2013


    Which EAP type supports only password authentication (without support for certificates), but supports mutual authentication of the supplicant and authentication server?

    (Choose 1)

    A)PEAPv1/EAP-GTC

    B)LEAP

    C)EAP-MD5

    D)EAP-TLS

    E)PEAPv0/EAP-MSCHAPv2

    F)EAP-FAST

    Explanation:

    The EAP-TLS (Transport Layer Security) method mutually authenticates with client and server side certificates only. The EAP-MD5 method uses passwords but only one-way authenticates the client to the server (but not the server to the client). The PEAPv1/EAP-GTC method is an EAP within EAP method that supports the mutual authentication with cycling credentials originating from a token card. PEAP (any flavor) requires a server-side x.509 certificate. The EAP-FAST method uses the concept of PACs or protected access credentials in lieu of passwords.

    =================================================================

    If I am not wrong LEAP doesn't provide Mutual Authentication, it provides Pseudo Mutual Authentication. Sybex study guides says [page no 144] "With respect to grand scheme of WLAN security and what a WLAN security professional should look for in a security protocol, this form of mutual authentication buys very little"

    Also stated by Sybex study guide[page no 154], "EAP-FAST normally use EAP-GTC for inner authentication where username and password is used as credentials."

    If you go according to the book, the answer is EAP-FAST. But if you go by the practice test, the answer is LEAP. I am in a confusion to what to believe. Please Help!!

    ================================================================

  • This is the type of question that can be challenging. Notice the phrase, "supports only password authentication," with emphasis on the word ONLY. EAP-FAST may use tunnel internal password authentication or a token-based solution. LEAP supports password authentication only.

     

    As to the second part, "but supports mutual authentication," while the Sybex Official Study Guide indeed states the argument you note, it is still a form of mutual authentication and the question should (and will) be updated to reflect that. It will still be true that it supports a form of mutual authentication regardless of whether we thing that authentication is secure enough or does enough or not ;-)

     


    Frames Are Food,
    Tom 

  • Thanks Tom for the reply. I agree with with you on the first part and regarding Mutual Authentication I think question should be updated.

    The LEAP just checks both entities has same password and it doesn't really perform full pledged/strong Mutual Authentication. We can consider this as weak mutual authentication,

Page 1 of 1
  • 1