How to enable EAP-MD5 on Windows 7

22 Feb 2013 - tsp

Because MD5 challenge authentication has been disabled because of security problems by default (don’t use this on any untrusted network anyway - I’ve just written this note to show how to enable them in case one has crappy managed switches) the following changes are necessary to re-enable EAP-MD5:


"RolesSupported"=dword:0000000a"FriendlyName"="MD5-Challenge""Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\  61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00"InvokeUsernameDialog"=dword:00000001"InvokePasswordDialog"=dword:00000001
testuser    NAS-Port-Type == Ethernet, Cleartext-Password := "u804u489"

One should use other methods if they are available (EAP-TLS would be the best method available; else EAP-PEAP with MSCHAPv2 would be sufficient).

This article is tagged: MS Windows, Administration

Dipl.-Ing. Thomas Spielauer, Wien (

This webpage is also available via TOR at http://jugujbrirx3irwyx.onion/

Valid HTML 4.01 Strict Powered by FreeBSD IPv6 support