I was mistaken, but I was always under the impression that EAP/TLS || EAP/MD5 was something like Cisco's LEAP where Supplicant -> AP encryption is possible. Thanks for clearing that up! I now understand that it's not the same thing :)
Thanks for your replies, and again thanks for the great How-To.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Artur Hecker
> Sent: Thursday, August 01, 2002 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Howto on EAP/MD5 with Windows XP
>
>
> Hello :-)
>
> > Yes, I understand that TLS negotiates WEP keys dynamically based on the
> > certificate information shared between the AAA server and the
> > supplicant. I don't think I explained myself well enough in my first
> > reply, as my terminology is lacking due to the fact that I am not
> > extremely familiar with all of this quite yet. Basically, I was
> > wondering if the EAP/MD5 combination does in fact encrypt the data
> > between the client and AP, period. Correct me if I am wrong, but this
>
> Look, that's exactly what I tried to explain below: EAP/MD5 does not
> encrypt anything on the air interface. Nor does TLS. Those are two
> authentication methods which happen between the USER and the SERVER. The
> air encryption is between AP and USER, ok? :-)
>
> > method encrypts a preshared WEP key shared between the supplicant and
> > the AP using MD5? That same MD5 challenge is used to encrypt the data
> > between the AP and the supplicant? If yes, I know it's not as secure as
> > negotiated dynamic keys but none the less, it's encryption of some sort,
> > which is better than just a wep key and unencrypted data between
> > supplicant and AP.
>
> Ahem, no, no, no and once more: NO. You can define static WEP keys but
> that has nothing to do with EAP/MD5. It's a basic misunderstanding,
> that's why I tried to explain it below. Please, read it. Everything
> what's WEP begins AFTER the EAP/MD5 has successfully finished. Otherwise
> it doesn't happen at all. That's the sense of the port control (which
> EAP/MD5 is part of).
>
> > Your explanation below is a little over my head, so please forgive me
> > if I've asked a question or made an assumption which is contrary to the
> > explanation you gave below in the first place :)
>
> Shake it and try to reread it, I think it's comprehensive. But make your
> head free of wrong assumptions about the WEP keys and the EAP
> authentication.
>
> You are confusing the SKA (WEP secret based network authentication) with
> EAP/MD5. SKA would represent a very similar exchange to EAP/MD5 but
> it's completely different in terms of protocol, used cryptographic
> bricks (RC4 in WEP and MD5 in EAP/MD5) and where it takes place. And: it
> is not secure at all since WEP has a lot of security flaws with
> available tools to use those.
>
>
> Regards,
>
> artur
>
>
> --
> Artur Hecker
> artur[at]hecker.info
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
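
The EAP/MD5 exchange discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: the server sends a challenge, the supplicant answers with an MD5 hash, and the only result is a 4-byte Success or Failure packet, with no key material from which link encryption could be derived. The packet layout follows RFC 3748 section 5.4 and the hash follows RFC 1994; the function names, the identity `alice`, the identifier 7 and the passwords are constructed for illustration.

```python
import hashlib, hmac, os, struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_MD5 = 4  # MD5-Challenge method type (RFC 3748 section 5.4)

def build_md5_packet(code, ident, value, name=b""):
    """EAP header (Code, Identifier, Length) + Type 4 + Value-Size + Value + Name."""
    data = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse_md5_packet(pkt):
    """Return (code, identifier, value, name); reject malformed packets."""
    if len(pkt) < 6:
        raise ValueError("too short for an EAP MD5-Challenge packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or pkt[4] != EAP_TYPE_MD5 or 6 + pkt[5] > length:
        raise ValueError("malformed EAP MD5-Challenge packet")
    size = pkt[5]
    return code, ident, pkt[6:6 + size], pkt[6 + size:]

def chap_md5(ident, secret, challenge):
    # RFC 1994: MD5 over Identifier || secret || challenge
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def supplicant_respond(request, password, name):
    """USER side: answer the server's challenge with the MD5 response."""
    code, ident, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP Request")
    return build_md5_packet(EAP_RESPONSE, ident,
                            chap_md5(ident, password, challenge), name)

def server_verify(request, response, password):
    """SERVER side: check the response, return an EAP Success or Failure packet."""
    _, req_id, challenge, _ = parse_md5_packet(request)
    code, ident, value, _ = parse_md5_packet(response)
    ok = (code == EAP_RESPONSE and ident == req_id and
          hmac.compare_digest(value, chap_md5(req_id, password, challenge)))
    # Nothing but the verdict leaves this function: 4 bytes, no session key.
    return struct.pack("!BBH", EAP_SUCCESS if ok else EAP_FAILURE, req_id, 4)

def run_exchange(server_password, user_password, challenge=None):
    """Constructed exchange: identifier 7, identity b'alice' (sample values)."""
    challenge = challenge or os.urandom(16)
    request = build_md5_packet(EAP_REQUEST, 7, challenge)
    response = supplicant_respond(request, user_password, b"alice")
    return server_verify(request, response, server_password)
```
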
