User certificate selection, User certificate selection -9, Table 7-8 – Motorola ENTERPRISE DIGITAL ASSISTANT MC70 User Manual

Wireless Applications

7 - 9

Table 7-8

lists the TTLS tunneled authentication options.

User Certificate Selection

If you checked the

User Certificate

check box on the

Tunneled Authentication

dialog box or if

TLS

is the selected

authentication type, the

Installed User Certificates

dialog box displays. Select a certificate from the drop-down

list of currently installed certificates before proceeding. The selected certificate’s name appears in the
drop-down list. If the required certificate is not in the list, install it.

Figure 7-10

Installed User Certificates Dialog Box

Table 7-8

TTLS Tunneled Authentication Options

TTLS Tunneled

Authentication

Description

CHAP

Challenge Handshake Authentication Protocol (CHAP) is one of the two main
authentication protocols used to verify the user name and password for PPP Internet
connections. CHAP is more secure than PAP because it performs a three way
handshake during the initial link establishment between the home and remote
machines. It can also repeat the authentication anytime after the link is established.

MS CHAP

Microsoft Challenge Handshake Authentication Protocol (MS CHAP) is an
implementation of the CHAP protocol that Microsoft created to authenticate remote
Windows workstations. MS CHAP is identical to CHAP, except that MS CHAP is
based on the encryption and hashing algorithms used by Windows networks, and the
MS CHAP response to a challenge is in a format optimized for compatibility with
Windows operating systems.

MS CHAP v2

MS CHAP v2 is a password based, challenge response, mutual authentication
protocol that uses the industry standard Message Digest 4 (MD4) and Data
Encryption Standard (DES) algorithms to encrypt responses. The authenticating
server challenges the access client and the access client challenges the
authenticating server. If either challenge is not correctly answered, the connection is
rejected. MS CHAP v2 was originally designed by Microsoft as a PPP authentication
protocol to provide better protection for dial-up and virtual private network (VPN)
connections. With Windows XP SP1, Windows XP SP2, Windows Server 2003, and
Windows 2000 SP4, MS CHAP v2 is also an EAP type.

PAP

Password Authentication Protocol (PAP) has two variations: PAP and CHAP PAP. It
verifies a user name and password for PPP Internet connections, but it is not as
secure as CHAP, since it works only to establish the initial link. PAP is also more
vulnerable to attack because it sends authentication packets throughout the network.
Nevertheless, PAP is more commonly used than CHAP to log in to a remote host like
an Internet service provider.

MD5

Message Digest-5 (MD5) is an authentication algorithm developed by RSA. MD5
generates a 128-bit message digest using a 128-bit key, IPSec truncates the
message digest to 96 bits.