1.6 Applicability Statement

The Extensible Authentication Protocol Method for Microsoft CHAP is used when an EAP session is already set up and MSCHAPv2 is negotiated between a peer and its EAP server, as specified in [RFC3748] and [RFC2759], respectively.

The Extensible Authentication Protocol Method for Microsoft CHAP is susceptible to dictionary attacks and to any other vulnerabilities of MSCHAPv2. By itself, it is only appropriate for use in environments where it is safe from eavesdroppers. In other cases (for example, in wireless networks), it is recommended that EAP with the MSCHAPv2 authentication method be run with encryption to provide additional protection.

The client and server implementations of this protocol will interoperate if the username is made up of standard ASCII characters. If the username is made up of extended ASCII characters, the code pages of the client and server have to be the same for the client and server to interoperate.

For more information, see [MS-PEAP] or [RFC2716].

The Extensible Authentication Protocol Method for Microsoft CHAP security claims are specified in section 5.

The client and server implementations of this protocol have to use the same system active ANSI code page as specified in [MS-UCODEREF] section 2.2.1 for them to interoperate successfully.
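
The two code page requirements above (ASCII usernames interoperate, extended characters need matching code pages) can be checked for a given username with the following added example, which is not part of the specification. It assumes each side encodes the username under its own active ANSI code page before feeding it to the [RFC2759] ChallengeHash; the function names and challenge values are constructed for illustration.

```python
import hashlib

# Constructed 16-octet challenges (sample values, not from a real exchange).
PEER_CHALLENGE = bytes(range(16))
AUTH_CHALLENGE = bytes(range(16, 32))


def challenge_hash(peer, auth, username_octets):
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || username)."""
    return hashlib.sha1(peer + auth + username_octets).digest()[:8]


def check_interop(username, client_cp, server_cp):
    """Return (ok, reason) for one username and a pair of ANSI code pages."""
    encoded = {}
    for side, cp in (("client", client_cp), ("server", server_cp)):
        try:
            encoded[side] = username.encode(cp)
        except UnicodeEncodeError:
            return False, f"username not representable in {side} code page {cp}"
    client_hash = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, encoded["client"])
    server_hash = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, encoded["server"])
    if client_hash != server_hash:
        return False, (f"octets differ ({encoded['client'].hex()} vs "
                       f"{encoded['server'].hex()}), ChallengeHash mismatch")
    return True, "identical octets and ChallengeHash"


def server_view(username, client_cp, server_cp):
    """Text the server sees if it decodes the client's octets with its own page."""
    return username.encode(client_cp).decode(server_cp, errors="replace")


if __name__ == "__main__":
    cases = [
        ("alice", "cp1252", "cp1251"),       # plain ASCII
        ("jos\u00e9", "cp1252", "cp1250"),   # e-acute, same octet in both pages
        ("jos\u00e9", "cp1252", "cp1251"),   # e-acute, absent from cp1251
        ("\u0161ime", "cp1252", "cp1257"),   # s-caron, different octet per page
    ]
    for name, client_cp, server_cp in cases:
        ok, reason = check_interop(name, client_cp, server_cp)
        print(f"{name!r:10} {client_cp}->{server_cp}: "
              f"{'OK' if ok else 'FAIL'} ({reason})")
```

Running this against the account names in a directory, for each client and server code page pair in the deployment, shows which accounts fail authentication for encoding reasons rather than for a wrong password.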