Changes
Move the MSCHAPv2 stuff into the Cert Pinning section
====Certificate pinning====
Due to vulnerabilities in the MSCHAPv2 protocol that allow the protocol to be cracked quickly with a 100% success rate<ref>[https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/]</ref>, it is ''absolutely critical'' that the RADIUS server certificate be validated properly before attempting authentication. Unfortunately, VT is in the process of deprecating a much stronger authentication method, [[EAP-TLS]], and as such, network certificates will no longer be an option.
Where possible, we opt for the highest level of verification of the certificate: manually pinning the hash of the certificate we expect to be presented. The canonical form of the hash used by many network managers is the SHA256 hash of the DER encoding of the certificate.
For general tips on improving your security while using the network, consider reading reading the EFF's [https://ssd.eff.org/ Surveillance Self-Defense] tips and/or contacting the [https://security.vt.edu/ Virginia Tech Information Security Office].
==Set your remote access (network) passphrase==