EAP-MD5-Challenge Authentication Protocol


EAP-MD5-Challenge, which is described in RFC 2284, enables a RADIUS server to authenticate a connection request by verifying an MD5 hash of a user’s password. The server sends the client a random challenge value, and the client proves its identity by hashing the challenge and its password with MD5.
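The exchange described above, as an added example that is not taken from this guide or from the product's code. It assumes the response value is computed as in CHAP (RFC 1994), MD5 over the packet identifier, the password, and the challenge; the `Authenticator` class, the user name, and the password are constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    # Client side: MD5(identifier || password || challenge), CHAP-style (assumed, RFC 1994).
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

class Authenticator:
    """Hypothetical server side: issues one-time challenges and verifies responses."""
    def __init__(self, users):
        self.users = users      # username -> cleartext password (needed to recompute the hash)
        self.pending = {}       # identifier -> (username, challenge) awaiting a response
        self.next_id = 0

    def issue_challenge(self, username: str):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256   # identifier is a single octet
        challenge = os.urandom(16)                # fresh random value per request
        self.pending[identifier] = (username, challenge)
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        entry = self.pending.pop(identifier, None)  # each challenge is accepted once
        if entry is None:
            return False
        username, challenge = entry
        password = self.users.get(username)
        if password is None:
            return False
        expected = md5_challenge_response(identifier, password, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison

def demo():
    server = Authenticator({"alice": b"constructed-password"})  # constructed sample account
    ident, challenge = server.issue_challenge("alice")
    response = md5_challenge_response(ident, b"constructed-password", challenge)
    accepted = server.verify(ident, response)
    replayed = server.verify(ident, response)        # same packet again: challenge consumed
    ident2, _ = server.issue_challenge("alice")
    stale = server.verify(ident2, response)          # old response against a new challenge
    return accepted, replayed, stale

if __name__ == "__main__":
    print(demo())
```

The identifier, challenge, and response all cross the link unencrypted, and only the client is ever asked to prove anything; the server side of the exchange carries no proof of its own identity.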

EAP-MD5-Challenge is typically used on trusted networks where the risk of packet sniffing or active attack is fairly low. Because of significant security vulnerabilities, it is not usually used on public networks or wireless networks: third parties can capture packets and apply dictionary attacks to identify password hashes. Because EAP-MD5-Challenge does not provide server authentication, it is also vulnerable to spoofing (a third party advertising itself as an access point).

By default, the EAP-MD5-Challenge password protocol is available for use by the Native and UNIX authentication methods. Support for the EAP-MD5-Challenge protocol is discussed in the "eap.ini file" topic in the SBR Carrier Reference Guide.