The Microsoft Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) implementation is being deprecated from versions of Windows

Article ID: 922574 - View products that this article applies to.

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986
(http://support.microsoft.com/kb/256986/ )
Description of the Microsoft Windows registry
Expand all | Collapse all

On This Page

INTRODUCTION

This article discusses the pending removal of the Microsoft Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) implementation from versions of Windows Vista.
Back to the top | Give Feedback

MORE INFORMATION

Starting with the public release of Windows Vista, the Microsoft EAP-MD5 implementation is being deprecated from Windows. The removal of the Microsoft implementation of EAP-MD5 directly affects remote access services, virtual private network (VPN) services, and wired 802.1X deployments. By default, these components can no longer use the Microsoft EAP-MD5 implementation for authentication.

The decision to remove the Microsoft EAP-MD5 implementation was made in the interest of improving security in Windows Vista. Because EAP-MD5 does not meet Microsoft security requirements for Windows Vista, we no longer support the Microsoft EAP-MD5 implementation for authentication purposes.

Although the EAP-MD5-related registry subkeys are no longer included in Windows Vista, the EAP-MD5 functionality will remain in the Raschap.dll file until further notice. Because the pending removal of the Microsoft EAP-MD5 implementation may affect users who use EAP-MD5 in versions of Windows Vista, the EAP-MD5 functionality can be manually enabled. To re-enable the Microsoft native EAP-MD5 method, you must use the registry entires that are listed under "How to re-enable EAP-MD5 support in versions of Windows Vista."

Important We are not removing support for EAP-MD5 in Windows Vista. Instead, we are removing support for the Microsoft implementation of EAP-MD5. You can still use EAP-MD5 in Windows Vista by obtaining a third-party EAP-MD5 implementation or by configuring your own EAP-MD5 EAPHost-compliant EAP method.

How to re-enable EAP-MD5 support in versions of Windows Vista

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To re-enable EAP-MD5 support in versions of Windows Vista, add the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4


Value name: RolesSupported
Value type: REG_DWORD
Value data: 0000000a

Value name: FriendlyName
Value type: REG_SZ
Value data: MD5-Challenge

Value name: Path
Value type: REG_EXPAND_SZ
Value data: %SystemRoot%\System32\Raschap.dll

Value name: InvokeUsernameDialog
Value type: REG_DWORD
Value data: 00000001

Value name: InvokePasswordDialog
Value type: REG_DWORD
Value data: 00000001
Back to the top | Give Feedback

Properties

Article ID: 922574 - Last Review: March 16, 2012 - Revision: 4.0
APPLIES TO
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Starter
Keywords: 
kbregistry kbdriver kbhowto kbinfo KB922574
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top