On 2 Oct 2002, Pat Calhoun wrote:
> > > 3.the AP uses the key received from Server to encrypt WEP key.
> >
> > AP actually produces two WEP keys, a broadcast and a unicast keys and
> > then send those encrypted to the supplicant, using EAPOL-Key method.
> >
>
> Does anyone have a clue how the AP selects the right key to use as the
> key-mapping-key? I've been assuming all along that the MPPE-Send-Key is
> truncated to the correct number of bits, and used directly to WEP
> encrypt traffic between it and the STA, but that doesn't work. I see
it would work but it is not how it works. the MPPE is independent of WEP
or whatever else. how it works exactly is described in the MS
informational RFC. just look for it at ietf or the freeradius site. it
describes exactly how to encrypt etc. all attributes.
s. also freeradius RFC site and the code of course.
and what the henk is key-mapping-key?
> rumblings in some documents about key generation, but it isn't clear
> that the AP itself must handle key generation, and that the RADIUS
> server performs the key generation, which is then encoded in the MPPE
> attributes.
>
> Thoughts?
at the moment it definitely works like this: radius server supplies the
keys with which the WEP keys will be signed and
encrypted before being sent to the supplicant in an EAPOL key frame.
the actual WEP keys are the problem of the AP, it will usually just pick
up some random values.
but which unclear docs are you talking about?
ciao
artur
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
