EAP Methods Susceptible to Offline Dictionary Attacks

EAP Methods


Question

Which two EAP methods may be susceptible to offline dictionary attacks? (Choose two.)

Answers

Explanations


A. B. C. D.

AB.

The two EAP (Extensible Authentication Protocol) methods that may be susceptible to offline dictionary attacks are EAP-MD5 and LEAP.

EAP-MD5 (Message Digest 5) is a widely used EAP authentication method that uses a shared secret key between the client and the server to generate a message digest for authentication. However, the shared secret is vulnerable to offline dictionary attacks, where an attacker can capture the authentication messages and perform an offline brute-force attack to determine the shared secret. Once the shared secret is known, the attacker can use it to authenticate as a legitimate user.

LEAP (Lightweight EAP) is another EAP authentication method that was popularly used in Cisco wireless networks. LEAP uses a username and password for authentication, but the password is not hashed before transmission, making it vulnerable to offline dictionary attacks. An attacker can capture the authentication messages and use offline brute-force attacks to determine the user's password. Once the password is known, the attacker can use it to authenticate as a legitimate user.

On the other hand, PEAP (Protected EAP) with MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2) and EAP-FAST (Flexible Authentication via Secure Tunneling) are not vulnerable to offline dictionary attacks because they use mutual authentication with a server-side certificate and derive per-session keys. These methods do not transmit any passwords in plaintext or use shared secrets that can be easily brute-forced.

In conclusion, EAP-MD5 and LEAP are susceptible to offline dictionary attacks, while PEAP with MS-CHAPv2 and EAP-FAST are not.
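To find where the two susceptible methods are still negotiated on a network, the following added example (not part of the original page) parses raw EAP packets and reports every appearance of EAP-MD5 or LEAP, including a peer asking for one through a Nak. The Type numbers are the IANA-registered values; the helper names (`eap`, `parse_eap`, `audit`) and the sample packets are constructed for illustration.

```python
import struct

# EAP Type numbers (IANA registry) of the two methods this page marks as weak.
WEAK = {4: "MD5-Challenge", 17: "LEAP"}
REQUEST, RESPONSE, NAK = 1, 2, 3

def eap(code, ident, body=b""):  # Code, Identifier, 16-bit Length, Type + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(packet):
    """Return (code, identifier, type, type_data); type is None for Success/Failure."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    need = 5 if code in (REQUEST, RESPONSE) else 4  # these two carry a Type byte
    if not need <= length <= len(packet):
        raise ValueError("Length field does not fit the packet")
    etype = packet[4] if need == 5 else None
    return code, ident, etype, packet[5:length]

def audit(packets):
    """List (packet index, method, how it appeared) for every weak method seen."""
    findings = []
    for n, raw in enumerate(packets):
        try:
            code, _, etype, data = parse_eap(raw)
        except ValueError as exc:
            findings.append((n, "malformed", str(exc)))
            continue
        if etype in WEAK:
            role = "offered by server" if code == REQUEST else "answered by peer"
            findings.append((n, WEAK[etype], role))
        elif etype == NAK and code == RESPONSE:
            # A Nak lists, one byte each, the methods the peer wants instead.
            findings += [(n, WEAK[t], "requested in Nak") for t in data if t in WEAK]
    return findings

# Constructed sample exchange (not a real capture); challenges are zero bytes.
SAMPLE = [
    eap(REQUEST, 1, b"\x01"), eap(RESPONSE, 1, b"\x01alice"),  # Identity
    eap(REQUEST, 2, b"\x19\x20"),                      # PEAP start
    eap(RESPONSE, 2, b"\x03\x11"),                     # Nak asking for LEAP
    eap(REQUEST, 3, b"\x11\x01\x00\x08" + bytes(8)),   # LEAP challenge
    eap(REQUEST, 4, b"\x04\x10" + bytes(16)),          # MD5-Challenge
    eap(3, 4),                                         # Success
]
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding with "requested in Nak" points at a client configuration that prefers a weak method even though the server offered PEAP.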