Hi Ard,
That is not something that iwd has any control over though? We have to support
it for as long as there are organizations using TTLS + MD5 or PEAPv0. There
Ah, my brain said MSCHAP but my fingers typed MD5.
are still surprisingly many today.
Does that code rely on MD4 as well?
But the answer is yes. Both PEAP and TTLS use MSCHAP or MSCHAPv2 in some form.
These are commonly used for Username/Password based WPA(2|3)-Enterprise
authentication. Think 'eduroam' for example.
MD4 is used to hash the plaintext password, but the hash is sent inside a TLS
tunnel, so there's really no immediate crypto weakness concern? At least
there's not a replacement on the horizon as far as I know. EAP-PWD has its own
problems and I doubt certificate based authentication will overtake
username/password any time soon.
Regards,
-Denis
