Skip to main content

Adding Support for Salted Password Databases to EAP-pwd

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,,,, Stefan Winter <>,
Subject: Document Action: 'Adding Support for Salted Password Databases to EAP-pwd' to Informational RFC (draft-harkins-salted-eap-pwd-08.txt)

The IESG has approved the following document:
- 'Adding Support for Salted Password Databases to EAP-pwd'
  (draft-harkins-salted-eap-pwd-08.txt) as Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Kathleen Moriarty.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   EAP-pwd is an EAP method that uses a shared password for
   authentication using a technique that is resistant to dictionary
   attack.  It included support for raw keys and RFC2751-style double
   hashing of a password but did not include support for salted
   passwords.  There are many existing databases of salted passwords and
   it is desirable to allow their use with EAP-pwd.

Working Group Summary

   This is an individual draft that was reviewed on a few mailing lists.  
   Reviews were sparse, so I reached out to several reviewers with 
   expertise in the technologies used.  The feedback was discussed and 
   incorporated into the draft prior to the IETF last call.

Document Quality

 There are implementations of the EAP-pwd base specification 
 for several operating systems (Windows, Linux, Android), 
 originating from one vendor (Aruba Networks / HP Enterprise).
 The same vendor (and in fact author of the spec) also has running 
 code for this new draft. This code is unpublished due to the lack of
 code points. When this draft gets published as RFC with the
 corresponding IANA actions, it can be expected that the
 implementation will be out soon after.


The Document Shepherd is Stefan Winter <>. 
The responsible Area Director is Kathleen Moriarty (


  This draft adds eight values to the "password
   preprocessing method registry" established by [RFC5931].

RFC Editor Note