hi
> I'm not Raghu or Henrik, but your description is correct. You are Lars :-) That's as good as Henrik from my point of view :))) Sorry for not mentioning you but there are probably a lot of people (in fact anybody who is not too lazy to take a look in some papers) who know exactly how it works. > One minor detail you didn't include is that the supplicant and > authentication > server derives two (256-bit) keys. One is used to encrypt the key field in > the > EAPOL-Key message and the other is used to sign it. Ok, thank you. Since you were participating in the patch developping: which algorithms do they use for key derivation, signing and encryption beginning from the TLS master key? (yes, i could look in the code). > > Personal remark: i said it doesn't matter much, because in my opinion > > there are better ways to do that. i would probably never send any > > unicast keys to the supplicant since it can produce them on his own, but > > ok, it seems to work in this way for whatever reason. > > I guess that one advantage with doing it this way is that it is possible > to rekey (update the WEP keys) without redoing the TLS authentication. Well, I would do it exactly the other way round: I would rekey each time TLS rekeys... Except that the standard TLS rekey time is too long for rapid rekeying which should be done in the WEP case... Actually, it would be possible to rekey with "my" way in almost the same manner: at some point of time the AP and the supplicant possess the same key material. The EAPOL-Key message would be just a trigger for rekeying (signed to prevent DOS). The only point I don't like about the currently used scheme is, that there are keys which are sent over the air-interface although those could be derived independently. During for broadcast keys it's necessary, I don't really see why they do it in the unicast case. And additionally, the broadcast key doesn't have to be as secure as the unicast (in fact, supplicant doesn't have a trust relationship to other members of the BSS, only AP does). Raghu supposed that in that manner they use exactly the same method for unicast and broadcast key; indeed, in "my" case there would be two variants. On the other hand, who guarantees that the AP is able to derive good WEP keys? Well, nevermind. Lars, I actually have a problem with your patch which I applied to 0.6: it compiled correctly and i can see the MPPE keys in the access accept but the AP and the supplicant seem to be out of sync, i.e. I can't transmit any data. Could you help me? What points should I check? (i use XP with cisco ap340). Lars or somebody: do you know how to sniff on the air interface using the cisco 340 adapter under XP? ciao artur -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
