Real Products for Real WLAN Security
EAP-MD5 is the least secure version of EAP because it uses user names and passwords for authentication and is vulnerable to dictionary attacks. In addition, EAP-MD5 does not support Dynamic WEP keys, which is a critical liability.
EAP-TTLS (Tunneled Transport Layer Security) is Funk software's version of EAP that uses Funk's Odyssey or Steel-Belted RADIUS Server. It's also supported by third-party client software from vendors, such as MDC. Funk's selling point is that PKI certificates are required only on the authentication server but not on the clients. In general, this is considered almost as secure as EAP-TLS while making deployment simpler.
The link for this article located at ZDNet is no longer available.