Windows XP Access and Authentication Schemes
The platform-specific mechanisms within Windows XP support the following types of methods:
Username/password EAP/MD5 authentication methods
PKI-founded EAP-TLS
EAP/MD5 was created mainly to function with EAP, and it is usually not a good fit for a number of applications. With it, username/password authentication is performed through a challenge/response mechanism directly over the WLAN, which makes it vulnerable to dictionary attacks.
MD5 in and of itself does not offer "mutual authentication"; it only permits the server to validate the client, and it does not give the client and server what they need to derive keys for a secure channel of communication.
The EAP/TLS authentication mechanism is PKI based and uses certificates stored on smart cards or in the Windows registry.
EAP/TLS offers mutual authentication and protects the integrity of the cipher negotiation and key exchange from the sending point to the receiving point. With TLS authentication, the client and server each validate the other through certificates.
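The two EAP/MD5 weaknesses described above can be seen in a small simulation of the MD5-Challenge exchange (added example, not code from the original article). The function names, the identifier value and the sample passwords are constructed for illustration; the response formula is the CHAP-style one from RFC 1994 that RFC 3748 reuses for EAP MD5-Challenge.

```python
import hashlib
import hmac
import os


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """MD5-Challenge value per RFC 3748 / RFC 1994: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(identifier: int, stored_password: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """The only check in the protocol: the server validates the client."""
    expected = eap_md5_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def guess_matches_wire(wire: dict, guess: bytes) -> bool:
    """Test one password guess using only fields that crossed the WLAN in clear."""
    candidate = eap_md5_response(wire["identifier"], guess, wire["challenge"])
    return hmac.compare_digest(candidate, wire["response"])


def run_exchange(password: bytes, identifier: int = 7) -> tuple:
    """Simulate one exchange; return (fields visible on the WLAN, outcome)."""
    challenge = os.urandom(16)  # server -> client, sent in cleartext
    response = eap_md5_response(identifier, password, challenge)  # client -> server
    wire = {"identifier": identifier, "challenge": challenge, "response": response}
    outcome = {
        "server_accepts_client": server_verify(identifier, password, challenge, response),
        "client_verified_server": False,  # the server never proves anything to the client
        "session_key": None,              # the exchange yields no keying material
    }
    return wire, outcome


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    wire, outcome = run_exchange(b"constructed-sample-password")
    print(outcome)
    print("weak guess confirmed offline:", guess_matches_wire(wire, b"password"))
```

Every input to the hash except the password is visible on the WLAN, so the strength of the password is the only thing protecting the exchange.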