EAP-MD5-Challenge ================== .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is EAP-MD5-Challenge?** EAP-MD5-Challenge is an authentication method that uses the MD5 hashing algorithm. It is part of the Extensible Authentication Protocol (EAP) framework and involves a challenge-response authentication mechanism, where the client hashes the challenge with a shared secret and returns the result to the server for validation. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is EAP-MD5-Challenge useful?** * Provides simple password-based authentication. * Widely supported in older systems. * Lightweight and easy to implement. * Suitable for environments requiring minimal overhead. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How it works?** * The server sends a random challenge to the client. * The client hashes the challenge using a pre-shared secret (password). * The client sends the hashed challenge back to the server. * The server compares the returned hash with the expected hash to authenticate the client. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is EAP-MD5-Challenge used?** * Wireless networks (e.g., WEP). * Legacy systems requiring challenge-response authentication. * Environments where minimal security is sufficient. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does this protocol belong to?** * EAP-MD5-Challenge operates at the **Application Layer (Layer 7)** of the OSI model. * It relies on lower OSI layers for transport, typically using RADIUS over UDP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-MD5-Challenge Windows specific?** No, EAP-MD5-Challenge is **not Windows-specific**. It is supported on various platforms, including Linux, macOS, and others. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-MD5-Challenge Linux specific?** No, EAP-MD5-Challenge is **not Linux-specific**. It can be implemented across various operating systems. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by EAP-MD5-Challenge?** EAP-MD5-Challenge typically uses **UDP** for transport when used with the **RADIUS protocol**. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by EAP-MD5-Challenge?** EAP-MD5-Challenge uses **UDP port 1812** for authentication via the **RADIUS protocol**. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-MD5-Challenge using Client-server model?** Yes, EAP-MD5-Challenge follows a **client-server model**. The client sends data to the server, which performs the authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge protocol use certificates?** No, EAP-MD5-Challenge does **not use certificates**. It relies on a shared secret (password) for authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How many frame exchanges are seen during connection for EAP-MD5-Challenge protocol?** There are **two** frame exchanges during the connection process: 1. The server sends a **challenge** to the client. 2. The client sends the **hashed challenge response** back to the server. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge Protocol use client certificates?** No, EAP-MD5-Challenge does **not use client certificates** for authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge Protocol use Server Certificates?** No, EAP-MD5-Challenge does **not use server certificates**. It uses a shared secret for challenge-response authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge Protocol depend on TCP?** No, EAP-MD5-Challenge **does not depend on TCP**. It typically uses **UDP** with RADIUS. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge Protocol depend on UDP?** Yes, EAP-MD5-Challenge typically uses **UDP** when used with RADIUS. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What are the roles involved when testing EAP-MD5-Challenge Protocol?** - **Client**: Initiates authentication by sending a challenge response. - **Server**: Verifies the challenge response and authenticates the client. - **Administrator**: Configures the shared secret and manages the authentication system. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge Protocol work with FreeRADIUS server on Linux?** Yes, **EAP-MD5-Challenge** works with **FreeRADIUS** on Linux, as FreeRADIUS supports this authentication method. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-MD5-Challenge Protocol work with Internal RADIUS server of hostapd?** Yes, **EAP-MD5-Challenge** works with the internal RADIUS server of **hostapd**. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the RFC version used for EAP-MD5-Challenge Protocol?** EAP-MD5-Challenge is defined in **RFC 3748** (Extensible Authentication Protocol). .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **During Connection Procedure which EAP packets are encrypted?** EAP-MD5-Challenge does **not encrypt** the EAP packets. The security relies on the challenge-response authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can you explain different stages of Connection Procedure for EAP-MD5-Challenge?** 1. **Challenge**: The server sends a challenge to the client. 2. **Response**: The client hashes the challenge with the shared secret and returns it. 3. **Authentication**: The server compares the hash and authenticates the client. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the final output of Connection Procedure?** The final output is either **successful authentication** if the hashes match, or **failure** if the hashes do not match. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the format of the key generated after the connection procedure?** EAP-MD5-Challenge does not generate a **key**. It performs password-based authentication through a challenge-response mechanism. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is the use of PMK generated by the connection procedure?** **EAP-MD5-Challenge** does **not involve** a **Pairwise Master Key (PMK)**, as it uses a simple password-based authentication method. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`EAP_MD5_Challenge Version&IEEE Details ` * :ref:`EAP_MD5_Challenge FreeRadius Basic Setup on Ubuntu (2 Machines) ` * :ref:`STEP 1: Bring up FreeRADIUS ` * :ref:`STEP 2: Bring up AP ` * :ref:`STEP 3: Bring up STA ` * :ref:`EAP_MD5_Challenge FreeRadius Basic Setup on Ubuntu (3 Machines) ` * :ref:`EAP_MD5_Challenge Internal Radius Server Basic Setup on Ubuntu (2 Machines) ` * :ref:`EAP_MD5_Challenge Protocol Packet Details ` * :ref:`EAP_MD5_Challenge Usecases ` * :ref:`EAP_MD5_Challenge Basic Features ` * :ref:`Reference links ` .. _EAP_MD5_Challenge_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _EAP_MD5_Challenge_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _EAP_MD5_Challenge_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _EAP_MD5_Challenge_step5: .. tab-set:: .. tab-item:: EAP_MD5_Challenge Version&RFC Details * rfc details .. _EAP_MD5_Challenge_step18: .. tab-set:: .. tab-item:: EAP_MD5_Challenge FreeRadius Basic Setup on Ubuntu (2 Machines) .. _EAP_MD5_Challenge_step23: .. tab-set:: .. tab-item:: STEP 1: Bring up FreeRADIUS .. csv-table:: :file: ./EAP_MD5_Challenge/eap_md5_freeradius_server.csv :class: tight-table .. _EAP_MD5_Challenge_step21: .. tab-set:: .. tab-item:: STEP 2: Bring up AP using hostapd .. csv-table:: :file: ./EAP_MD5_Challenge/eap_md5_ap_hostapd.csv :class: tight-table .. _EAP_MD5_Challenge_step22: .. tab-set:: .. tab-item:: STEP 3: Bring up STA .. csv-table:: :file: ./EAP_MD5_Challenge/eap_md5_sta_wpa_supplicant.csv :class: tight-table .. tab-set:: .. tab-item:: Wireshark Output * Download file to check wireshark output :download:`Packet capture in EAP_MD5_Challenge` .. _EAP_MD5_Challenge_step19: .. tab-set:: .. tab-item:: EAP_MD5_Challenge FreeRadius Basic Setup on Ubuntu (3 Machines) * setup .. _EAP_MD5_Challenge_step20: .. tab-set:: .. tab-item:: Internal Radius Server Basic Setup on Ubuntu (2 Machines) * setup .. _EAP_MD5_Challenge_step6: .. tab-set:: .. tab-item:: EAP_MD5_Challenge Protocol Packet Details * packet details .. _EAP_MD5_Challenge_step7: .. tab-set:: .. tab-item:: EAP_MD5_Challenge Usecases * usecases .. _EAP_MD5_Challenge_step8: .. tab-set:: .. tab-item:: EAP_MD5_Challenge Basic Features * features .. _EAP_MD5_Challenge_step17: .. tab-set:: .. tab-item:: Reference links * Reference links