Tim,
EAP-MD5 is not even close. It uses a hash function that has been
depricated, it can easily be cracked with an off-line dictionary attack,
and it does not generate keys.
EAP-pwd provides resistance to active attack, passive attack, and
ditionary attack. It uses modern cryptography (strong hash functions
and elliptic curves). And it generates strong, mutually authenticated
keys.
regards,
Dan (the author of EAP-pwd, RFC 5931).