> From: Artur Hecker > To: Lars Viklund; [EMAIL PROTECTED] > Cc: Raghu > Sent: 8/2/2002 10:04 PM > Subject: Re: question about EAP danymic keys generation
> Ok, thank you. Since you were participating in the patch developping: > which algorithms do they use for key derivation, signing and encryption > beginning from the TLS master key? (yes, i could look in the code). The MPPE keys are derived by running the TLS pseudo-random function (which is based on HMAC-MD5 and HMAC-SHA1) on the TLS master secret with the client and server randoms as seed. The key in the EAPOL-Key message is encrypted with RC4 and signed with HMAC-MD5. > Well, I would do it exactly the other way round: I would rekey each time > TLS rekeys... Except that the standard TLS rekey time is too long for > rapid rekeying which should be done in the WEP case... > > Actually, it would be possible to rekey with "my" way in almost the same > manner: at some point of time the AP and the supplicant possess the same > key material. The EAPOL-Key message would be just a trigger for rekeying > (signed to prevent DOS). > > The only point I don't like about the currently used scheme is, that > there are keys which are sent over the air-interface although those > could be derived independently. During for broadcast keys it's > necessary, I don't really see why they do it in the unicast case. And > additionally, the broadcast key doesn't have to be as secure as the > unicast (in fact, supplicant doesn't have a trust relationship to other > members of the BSS, only AP does). I can't see any reason why "your" way wouldn't work. > Raghu supposed that in that manner > they use exactly the same method for unicast and broadcast key; indeed, > in "my" case there would be two variants. That could be one reason. > Lars, I actually have a problem with your patch which I applied to 0.6: > it compiled correctly and i can see the MPPE keys in the access accept > but the AP and the supplicant seem to be out of sync, i.e. I can't > transmit any data. Could you help me? What points should I check? (i use > XP with cisco ap340). I suggest that you first sniff the wireless traffic and check if the AP sends any EAPOL-Key messages to the supplicant. We haven't actually tested the patch with a Cisco AP but we could try to do that. > Lars or somebody: do you know how to sniff on the air interface using > the cisco 340 adapter under XP? Sorry, we use PRISM based cards and Ethereal on Linux for sniffing. The advantage with this setup is that it can capture 802.11 control and management frames as well as data frames. For this scenario that shouldn't be needed though. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
