EAP identity plain-text?


wotterspoon
07-03-2007, 11:07 AM
Hi guys,

I'm looking into WPA, how it works, why it works, why it is better than WEP, etc.

Now, for the authentication with authentication-servers, the EAP protocol is used. There are different varieties of EAP. As far as I can tell, in the EAP handshake with the server (NOT the EAP 4-way handshake for key generation!) the identity of the requester is sent in plain-text, unless EAP-TLS is used.

Can anyone confirm this, or am I missing something here?

pools_closed
07-03-2007, 11:50 AM
Could anything you're looking for be in:

en.wikipedia.0rg/wiki/Extensible_Authentication_Protocol


(change the 0 in org to an "o")
perhaps?

wotterspoon
07-03-2007, 01:03 PM
Wikipedia describes the different implementations of authentication methods using the EAP framework. I'm looking one step more into detail: what kind of packets are sent, what's in those packets and how useful is that?

Look at this: rediris.3s/moviris/tecnologias/8021xchat.gif
(change the 3 in 3s to "e")

This looks like the identity, and thus the userID, is sent in plaintext when an EAP session is initiated. And then we already have half of the login credentials...
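
The byte layout of the EAP-Response/Identity message this thread asks about, as an added example that was not posted by anyone in the thread: it parses an EAP packet using the RFC 3748 header (code, identifier, length, type) and returns the identity string found in the Type-Data. The sample frame is constructed, and `exposes_username` is a hypothetical audit helper whose notion of a non-identifying user part is an assumption.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet using the RFC 3748 header layout."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes: code, identifier, length")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match the captured bytes")
    result = {"code": EAP_CODES.get(code, "Unknown"), "id": identifier,
              "type": None, "identity": None}
    # Only Request/Response carry a Type byte; Success/Failure are header-only.
    if code in (1, 2) and length >= 5:
        result["type"] = packet[4]
        if code == 2 and packet[4] == EAP_TYPE_IDENTITY:
            # The Type-Data of an Identity response is the identity string itself;
            # the EAP layer applies no encryption. Bytes past `length` are padding.
            result["identity"] = packet[5:length].decode("utf-8", "replace")
    return result


def exposes_username(identity: str) -> bool:
    """Audit helper (hypothetical): True when the user part looks like an account name.

    Assumption of this example: an empty or 'anonymous' user part is non-identifying.
    """
    user = identity.split("@", 1)[0].lower()
    return user not in ("", "anonymous")


def build_identity_response(identifier: int, identity: str) -> bytes:
    """Build a constructed EAP-Response/Identity frame for the demonstration."""
    data = identity.encode("utf-8")
    return struct.pack("!BBHB", 2, identifier, 5 + len(data), EAP_TYPE_IDENTITY) + data


# Constructed sample: Identity response followed by two bytes of link-layer padding.
SAMPLE = build_identity_response(7, "alice@example.org") + b"\x00\x00"

if __name__ == "__main__":
    parsed = parse_eap(SAMPLE)
    print(parsed, "exposes username:", exposes_username(parsed["identity"]))
```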