Hi Steve,
But the answer is yes. Both PEAP and TTLS use MSCHAP or MSCHAPv2 in some form.
These are commonly used for Username/Password based WPA(2|3)-Enterprise
authentication. Think 'eduroam' for example.
Can you give some background here? IIRC MS-CHAPv2 is much worse than
the NTLMSSP case
What background are you looking for? iwd [0] is a wifi management daemon, so we
implement various EAP [1] and wifi authentication protocols.
in cifs.ko (where RC4/MD5 is used narrowly). Doesn't MS-CHAPv2 depend on DES?
You are quite correct. MSCHAPv2 also uses DES for generating the responses.
EAP with TTLS+MSCHAPv2 and PEAP+MSCHAPv2 are two of the most deployed variants
of WPA-Enterprise authentication using Username + Password.
Deprecating MD4, MD5, SHA1 or DES would be quite disruptive for us. We are
using these through AF_ALG userspace API, so if they're removed, some
combination of kernel + iwd version will break. We went through this with ARC4,
and while that was justified, I don't think the same justification exists for MD4.
[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git
[1] https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
Regards,
-Denis
