802.1x -- Secure Wireless Solutions
Microsoft Windows XP
Windows XP currently supports the IEEE 802.1x protocol. IEEE 802.1x is an IEEE standard data link layer protocol that enables a machine and the network to authenticate each other and to generate a per-session, per-user key for encrypting data on the wireless link. Within its 802.1x implementation, Windows XP supports the Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) as the authentication method. In EAP-TLS, the wireless client and a back-end authentication (RADIUS) server conduct a TLS handshake, which provides certificate-based mutual authentication and then generates the key used to encrypt all data packets on the link.

The TLS protocol combined with certificate-based authentication generates a key with high entropy. A dictionary attack against such a key is therefore theoretically impossible, whereas dictionary attacks are the bane of most password-based authentication schemes. Furthermore, an 802.1x implementation counters key-scheduling attacks by re-keying frequently, so an attacker cannot collect the number of packets required for an offline key-recovery analysis.
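The two paragraphs above describe the key generation step of EAP-TLS and the re-keying that follows. The example below is added here and is not part of the original page or of Microsoft's implementation; it shows how the per-session key is actually derived after the handshake. RFC 5216 derives the EAP Master Session Key (MSK) from the TLS master secret and both sides' handshake randoms using the TLS PRF with the label "client EAP encryption"; for TLS 1.0/1.1 that PRF is the MD5/SHA-1 construction of RFC 2246, and IEEE 802.11i uses the first 32 bytes of the MSK as the pairwise master key (PMK). All master secrets and random values in the code are constructed for the demonstration, and the helper names (`tls10_prf`, `eap_tls_keys`, `rekey_with_fresh_randoms`) are this example's own, not names from any real library.

```python
"""Added example: EAP-TLS session-key derivation (RFC 5216 section 2.3) with the
TLS 1.0/1.1 PRF (RFC 2246 section 5). Not code from the original page; all
secrets and randoms are constructed sample values."""
import hashlib
import hmac
import os

# Fixed label that RFC 5216 feeds into the TLS PRF for EAP-TLS key material.
EAP_TLS_LABEL = b"client EAP encryption"


def p_hash(hash_name, secret, seed, length):
    """P_hash expansion (RFC 2246): A(0)=seed, A(i)=HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ... truncated."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over
    the second half. For an odd-length secret the halves share the middle byte."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def eap_tls_keys(master_secret, client_random, server_random):
    """Derive the EAP-TLS MSK and EMSK, plus the 802.11i PMK taken from the MSK.
    Inputs are the values both peers hold after the TLS handshake."""
    if len(master_secret) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS master secret is 48 bytes; each random is 32 bytes")
    key_material = tls10_prf(master_secret, EAP_TLS_LABEL,
                             client_random + server_random, 128)
    msk = key_material[:64]   # handed from the RADIUS server to the access point
    emsk = key_material[64:]  # never leaves the EAP peers
    return {"msk": msk, "emsk": emsk, "pmk": msk[:32]}


def rekey_with_fresh_randoms(master_secret):
    """Model a re-authentication with TLS session resumption: the master secret is
    reused, but fresh client/server randoms make the derived link key different.
    Returns the key sets of two consecutive sessions."""
    first = eap_tls_keys(master_secret, os.urandom(32), os.urandom(32))
    second = eap_tls_keys(master_secret, os.urandom(32), os.urandom(32))
    return first, second


if __name__ == "__main__":
    # Constructed sample handshake values (a real master secret comes from the
    # premaster secret and the randoms, not from any password).
    sample_master = hashlib.sha384(b"constructed sample master secret").digest()  # 48 bytes
    keys = eap_tls_keys(sample_master, b"\x01" * 32, b"\x02" * 32)
    print("PMK :", keys["pmk"].hex())
    before, after = rekey_with_fresh_randoms(sample_master)
    print("re-key changed PMK:", before["pmk"] != after["pmk"])
```

The derivation mixes 32 bytes of client random and 32 bytes of server random with a 48-byte master secret that is itself derived from a random premaster secret, which is why the resulting key has the high entropy the page describes; nothing a user can type enters the computation, so there is no password for a dictionary to guess. The `rekey_with_fresh_randoms` function shows the second point: every re-authentication yields a distinct PMK even when the TLS session is resumed, so the traffic encrypted under any one key is bounded by the re-key interval.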

Microsoft Windows 2000
Deploying a secure wireless infrastructure based on the 802.1x protocol is easy with Windows 2000. The necessary building blocks are provided by default within the Windows 2000 Server Family. These components offer a simplified management environment, unequaled performance, and tight integration with the operating system.

The building blocks include:

  • Certificate Services (Public Key Infrastructure)—Certificate Services provides customizable services for issuing and managing certificates that are used in software security systems that employ public key technology.
  • Internet Authentication Services (RADIUS)—As a RADIUS server, Internet Authentication Service performs centralized connection authentication, authorization, and accounting for many types of network access including wireless, authenticating switch, and remote access dial-up and virtual private network (VPN) connections.
  • Active Directory (LDAP Compliant Directory)—The Active Directory® service allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security.

Support for 802.1x with EAP-TLS on Windows 2000 is provided by the 802.1x Authentication Client available by download from Microsoft.