The Microsoft Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) implementation is being deprecated from the beta versions of Windows Vista (922574)


The information in this article applies to:

  • Windows Vista Home Basic Beta
  • Windows Vista Home Premium Beta
  • Windows Vista Home Ultimate Beta

Beta Information

This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location where you downloaded the release.

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

INTRODUCTION

This article discusses the pending removal of the Microsoft Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) implementation from the beta versions of Microsoft Windows Vista.

MORE INFORMATION

Starting with the February 2006 Community Technical Preview (CTP), the Microsoft EAP-MD5 implementation is being deprecated from the beta versions of Windows Vista. Although the EAP-MD5-related registry keys no longer appear in Windows Vista, the EAP-MD5 functionality remains in the Raschap.dll file.

The removal of the Microsoft implementation of EAP-MD5 directly affects remote access services, virtual private network (VPN) services, and wired 802.1X deployments. These components can no longer use the Microsoft EAP-MD5 implementation for authentication.

Important We are not removing support for EAP-MD5 in Windows Vista. Instead, we are removing support for the Microsoft EAP-MD5 implementation. You can still use EAP-MD5 in Windows Vista by obtaining a third-party EAP-MD5 implementation or by configuring your own EAP-MD5 EAPHost-compliant EAP method.

Note We have decided to deprecate the Microsoft EAP-MD5 implementation to help improve security in Windows Vista. We have determined that EAP-MD5 does not meet the Microsoft security requirements for Windows Vista. Therefore, to help improve security in Windows Vista, we no longer support the Microsoft EAP-MD5 implementation for authentication purposes.

Because the pending removal of the Microsoft EAP-MD5 implementation may affect users who use EAP-MD5 in the beta versions of Windows Vista, you can use the following registry information to re-enable the Microsoft EAP-MD5 implementation. These registry entries only affect the beta versions of Windows Vista.

How to re-enable EAP-MD5 support in the beta versions of Windows Vista

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To re-enable EAP-MD5 support in the beta versions of Windows Vista, add the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4

Value name: RolesSupported
Value type: REG_DWORD
Value data: 0000000a

Value name: FriendlyName
Value type: REG_SZ
Value data: MD5-Challenge

Value name: Path
Value type: REG_EXPAND_SZ
Value data: %SystemRoot%\System32\Raschap.dll

Value name: InvokeUsernameDialog
Value type: REG_DWORD
Value data: 00000001

Value name: InvokePasswordDialog
Value type: REG_DWORD
Value data: 00000001

Modification Type:MinorLast Reviewed:7/18/2006
Keywords:kbRegistry kbDriver kbhowto kbinfo KB922574 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.