Hello :-)


> Yes, I understand that TLS negotiates WEP keys dynamically based on the
> certificate information shared between the AAA server and the
> supplicant.  I don't think I explained myself well enough in my first
> reply, as my terminology is lacking due to the fact that I am not
> extremely familiar with all of this quite yet.  Basically, I was
> wondering if the EAP/MD5 combination does in fact encrypt the data
> between the client and AP, period.  Correct me if I am wrong, but this

Look, that's exactly what I tried to explain below: EAP/MD5 does not
encrypt anything on the air interface. Nor does TLS. Those are two
authentication methods which happen between the USER and the SERVER. The
air encryption is between AP and USER, ok? :-)


> method encrypts a preshared WEP key shared between the supplicant and
> the AP using MD5?  That same MD5 challenge is used to encrypt the data
> between the AP and the supplicant?  If yes, I know it's not as secure as
> negotiated dynamic keys but nonetheless, it's encryption of some sort,
> which is better than just a WEP key and unencrypted data between
> supplicant and AP.

Ahem, no, no, no and once more: NO. You can define static WEP keys but
that has nothing to do with EAP/MD5. It's a basic misunderstanding,
that's why I tried to explain it below. Please, read it. Everything
that's WEP begins AFTER the EAP/MD5 has successfully finished. Otherwise
it doesn't happen at all. That's the sense of the port control (which
EAP/MD5 is part of).


> Your explanation below is a little over my head, so please forgive me
> if I've asked a question or made an assumption which is contrary to the
> explanation you gave below in the first place :)

Shake it and try to reread it, I think it's comprehensive. But make your
head free of wrong assumptions about the WEP keys and the EAP
authentication.

You are confusing the SKA (WEP secret based network authentication) with
EAP/MD5. SKA would represent a very similar exchange to EAP/MD5 but
it's completely different in terms of protocol, used cryptographic
bricks (RC4 in WEP and MD5 in EAP/MD5) and where it takes place. And: it
is not secure at all since WEP has a lot of security flaws with
available tools to use those.


Regards,

artur


-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
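
The separation described in this message, as an added illustration that is not part of the original post: a simulated EAP MD5-Challenge exchange (the RFC 1994 computation reused by RFC 3748) showing that its only outcome is an accept/reject decision for port control, with no key material for the air interface. The function names, the user table and the static WEP key parameter are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: the server's copy of the user's password.
CONSTRUCTED_USERS = {"alice": b"correct horse"}

def md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 section 4.1, reused by EAP MD5-Challenge (RFC 3748 section 5.4):
    # Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def run_eap_md5(users: dict, user: str, typed_password: bytes,
                static_wep_key: Optional[bytes] = None) -> dict:
    """Simulate one exchange and return what the AP ends up knowing."""
    # Server -> user: EAP-Request/MD5-Challenge (relayed by the AP)
    identifier = os.urandom(1)[0]
    challenge = os.urandom(16)

    # User -> server: EAP-Response/MD5-Challenge
    response = md5_response(identifier, typed_password, challenge)

    # Server recomputes the digest from its own copy of the password.
    expected = md5_response(identifier, users.get(user, b""), challenge)
    accepted = user in users and hmac.compare_digest(response, expected)

    return {
        # Port control: the only thing the exchange decides.
        "port_authorized": accepted,
        # The digest proves knowledge of the password; nothing in the
        # exchange is a session key and none is derived from it.
        "key_from_eap": None,
        # Any WEP on the air uses a key configured separately on AP and
        # client, and only comes into play once the port is authorized.
        "air_key": static_wep_key if accepted else None,
    }

if __name__ == "__main__":
    print(run_eap_md5(CONSTRUCTED_USERS, "alice", b"correct horse"))
    print(run_eap_md5(CONSTRUCTED_USERS, "alice", b"wrong guess"))
    print(run_eap_md5(CONSTRUCTED_USERS, "alice", b"correct horse",
                      static_wep_key=bytes.fromhex("0102030405")))
```
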
