Article:		A Technical Comparison of TTLS and PEAP
Subject:		Funk Software RADIUS support MS-CHAP-V2 in Solaris
Date:		2003-07-07 17:53:52
From:		anonymous2
Response to: MS-Chap is designed for MS Databases
For your Information, Funk has recently released its latest RADIUS server running on the both Windows and Solaris platform. I have tested the solaris version and it supports Microsoft PEAP (which requires MS-CHAP-V2 for inner-authentication). It worked fine with Microsoft XP Service Pack 1 PEAP and Funk's client software 'Odyssey Client'. I don't think nobody can say which protocol is which. It is only the decision of the network administrators or wlan security policy admin to use PEAP or TTLS. But if I am, I will use TTLS with Funk. Easier but expensive.

Showing messages 1 through 1 of 1.

• Funk Software RADIUS support MS-CHAP-V2 in Solaris
  2003-10-04 09:40:16  pppeterd [Reply | View]
  
  
  TTLS and PEAP are functionally similiar. TTLS encodes data in RADIUS AVPs while PEAP is just another EAP session instead of a TLS(SSL) tunnel.
  
  There are some opportunities for PEAP to be more secure than TTLS. The latest drafts establish a cryptographic binding between the TLS channel and the authentication protocol itself (For example MSCHAPv2) making some man-in-the-middle attacks harder to pull off.
  
  Anyway lots of RADIUS servers are starting to support PEAP and or TTLS. SBR, Interlink, RadiusNT/X, Radiator..etc. PEAPs big advantage in the market can be summed up with one word.. "Microsoft". There are client options for TTLS, and some of them may be free.. But it boils down to some 90 something percent of clients running a MS operating system who already have the required software installed.