Occasional Contributor I

EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

Hi Folks,


We have a potential consultant recommending that we use EAP- PEAP(MSCHAPv2) and an appropriate supplicant in order to authenticate our wireless computers.


A few questions:


--Does this protocol work with or replace RADIUS authentication?

--Is it secure? I seem to recall that MSCHAPv2 was broken a long time ago?

--Does it work on Mac, PC, Linux?

--Are there viable alternatives? EAP-GTC?



Guru Elite

Re: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

Configured correctly it is secure. There are ways to misconfigure it in a manner that is insecure, however. Those protocols work over radius, so radius is not something separate, it is the delivery mechanism.

Please see the document here for more ideas:

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Guru Elite

Re: EAP-PEAP(MSCHAPv2) -- Secure? Alternatives? Cross-Platform?

If security is a concern, EAP-TLS is the only recommended EAP method.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: