EAP-MSCHAPv2 is indeed mutual, but is prone to MITM dictionary attacks