EAP-MD5¶
EAP-MD5 (EAP type 4) is a simple challenge/response method defined in RFC 3748 §5.4. It transmits the challenge and response in cleartext (no TLS tunnel), making passive capture sufficient. No rogue AP required.
MD5-Challenge Structure (RFC 3748 §5.4)¶
The authenticator sends a random challenge. The peer responds with an MD5 hash over the EAP identifier, password, and challenge:
Where:
- Identifier: 1-byte EAP packet ID (from the Request frame)
- Password: the user's password (plaintext bytes, no encoding specified)
- Challenge-Value: random bytes sent in the MD5-Challenge Request
The MD5 output is 16 bytes. RFC 3748 does not specify padding or encoding of the password; implementations use it as raw bytes.
Packet-Level Exchange¶
Authenticator → Peer:
EAP Code: 1 (Request)
Identifier: 0x42
Type: 4 (MD5-Challenge)
Value-Size: 0x10 (16 bytes)
Value: <16 random challenge bytes>
Name: <optional authenticator identity>
Peer → Authenticator:
EAP Code: 2 (Response)
Identifier: 0x42
Type: 4 (MD5-Challenge)
Value-Size: 0x10
Value: MD5(0x42 || Password || Challenge)
Name: <peer identity>
Both frames are visible in a passive capture. No TLS or encryption.
Hash Extraction¶
Also extractable with Wireshark by filtering eap frames and reading the
MD5-Challenge fields manually.
hashcat Mode 4800 Format¶
| Field | Encoding | Size |
|---|---|---|
| md5_response | 32-char hex (16 bytes) | 16 bytes |
| identifier | 2-char hex (1 byte) | 1 byte |
| challenge | variable hex | variable (typically 16 bytes) |
Example hash line:
Cracking¶
Mode 4800 is extremely fast. MD5 with no key stretching, no PBKDF2. Billions of candidates per second on GPU. Any password under ~10 characters with a reasonable charset is crackable in seconds with a GPU.
Why EAP-MD5 Is Insecure¶
- No mutual authentication: the client cannot verify the server. Any device broadcasting the right SSID and sending a challenge will receive the user's MD5 response.
- No session key derivation: EAP-MD5 produces no keying material for encrypting data frames. Networks using EAP-MD5 cannot deploy WPA encryption properly.
- MD5 with no key stretching: the hash is directly crackable at GPU speed.
- RFC 3748 itself explicitly recommends against EAP-MD5 for wireless (§5.4: "EAP-MD5 SHOULD NOT be used ... in environments where authentication information could be captured").
EAP-MD5 is deprecated for wireless by RFC 3748 and should not appear in production deployments. It persists in legacy enterprise environments.
Spec References¶
- EAP-MD5: RFC 3748 §5.4
- hashcat format:
HCX_EAPMD5_OUTin hcxpcapngtool.h