> All of the WEPs would be created in advance, and entered into the client's
> configuration and into a database/file which is readable by Freeradius.

Umm.... ICK... Why go to all that work when you can let the APs handle the job of doing WEP key distribution on a much more secure scale??

First of all, you have a misconception. FreeRadius *DOES NOT* hand out WEP keys. That job belongs to the Access Point itself. At no point does FR ever know or care to know what WEP key is being used where. What FreeRadius does (using the MPPE-SEND-KEY and MPPE-RECEIVE-KEY attributes) is generate the key that is used by the AP to *encrypt* the WEP key for delivery to the client.

In other words, through the various means (TLS, TTLS, PEAP, LEAP), a master key is derived, usually from the TLS session parameters of the TLS-based methods. A new key is derived from the master key on FreeRadius and the client. FreeRadius then sends this key through the final EAP_SUCCESS packet to the access point. The Access Point uses this key to encrypt the WEP key *IT* has chosen randomly to the client so that the WEP key is not flying through the air unencrypted. The client then uses the master key derived key to unencrypt the WEP key, install it on the card, and go about its business. Most APs also rotate these keys on a regular basis, then use that same master key derived key to send the new WEP keys to the client.

It is very important to understand this concept when understanding how EAP and wireless work.

--
--Mike
--------------------------------
Michael Griego
Wireless Network Administrator
University of Texas at Dallas
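
The key flow described in the message above, as an added example that is not part of the original post and is not FreeRADIUS code. It assumes the EAP-TLS case (RFC 5216 key derivation with the TLS 1.0 PRF) and the RC4 EAPOL-Key descriptor of 802.1X-2001; the HMAC-MD5 signature over the frame is left out, the function names are hypothetical, and the session values are constructed at random.

```python
import hmac
import os

def p_hash(alg, secret, seed, n):
    """TLS 1.0 P_hash expansion (RFC 2246, section 5)."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def eap_tls_msk(master_secret, client_random, server_random):
    """64-byte MSK as in RFC 5216 section 2.3, using the TLS 1.0 PRF."""
    seed = b"client EAP encryption" + client_random + server_random
    half = (len(master_secret) + 1) // 2
    md5 = p_hash("md5", master_secret[:half], seed, 64)
    sha = p_hash("sha1", master_secret[-half:], seed, 64)
    return bytes(x ^ y for x, y in zip(md5, sha))

def rc4(key, data):
    """Plain RC4, the cipher used by the 802.1X-2001 RC4 key descriptor."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def ap_wrap_wep_key(recv_key, wep_key):
    """AP: encrypt its own WEP key under IV || MS-MPPE-Recv-Key."""
    iv = os.urandom(16)
    return iv, rc4(iv + recv_key, wep_key)

def client_unwrap_wep_key(recv_key, iv, wrapped):
    """Client: same RC4 key, rebuilt from the IV carried in the frame."""
    return rc4(iv + recv_key, wrapped)

if __name__ == "__main__":
    # Constructed sample TLS session values; not from a real capture.
    ms, cr, sr = os.urandom(48), os.urandom(32), os.urandom(32)
    recv_key = eap_tls_msk(ms, cr, sr)[:32]  # RADIUS server -> AP (MS-MPPE-Recv-Key)
    wep = os.urandom(13)                     # chosen by the AP, never seen by RADIUS
    iv, wrapped = ap_wrap_wep_key(recv_key, wep)
    assert client_unwrap_wep_key(eap_tls_msk(ms, cr, sr)[:32], iv, wrapped) == wep
```

The RADIUS side only ever runs `eap_tls_msk`; the WEP key exists solely in the AP and client functions, which is the separation the message describes.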
