On Wed, Aug 18, 2021 at 5:22 PM Denis Kenzior <denkenz@xxxxxxxxx> wrote: > > Hi Ard, > > >> That is not something that iwd has any control over though? We have to support > >> it for as long as there are organizations using TTLS + MD5 or PEAPv0. There > > Ah, my brain said MSCHAP but my fingers typed MD5. > > >> are still surprisingly many today. > >> > > > > Does that code rely on MD4 as well? > > > > But the answer is yes. Both PEAP and TTLS use MSCHAP or MSCHAPv2 in some form. > These are commonly used for Username/Password based WPA(2|3)-Enterprise > authentication. Think 'eduroam' for example. Can you give some background here? IIRC MS-CHAPv2 is much worse than the NTLMSSP case in cifs.ko (where RC4/MD5 is used narrowly). Doesn't MS-CHAPv2 depend on DES? -- Thanks, Steve