> > 3.the AP uses the key received from Server to encrypt WEP key. > > AP actually produces two WEP keys, a broadcast and a unicast keys and > then send those encrypted to the supplicant, using EAPOL-Key method. >
Does anyone have a clue how the AP selects the right key to use as the key-mapping-key? I've been assuming all along that the MPPE-Send-Key is truncated to the correct number of bits, and used directly to WEP encrypt traffic between it and the STA, but that doesn't work. I see rumblings in some documents about key generation, but it isn't clear that the AP itself must handle key generation, and that the RADIUS server performs the key generation, which is then encoded in the MPPE attributes. Thoughts? PatC - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html