Alain Perry [EMAIL PROTECTED] wrote:
Yep, the problem is that the encryption is WEP isn't it ? I don't really
mind that WEP is easy to break, since I could change the key often
enough,
WEP with static keys is insecure. TTLS PEAP include ways of
rotating the keys before the data can be
WEP with static keys is insecure. TTLS PEAP include ways of
rotating the keys before the data can be decrypted. It's not a problem.
Yep. I guess I wasn't clear. Sorry for my english by the way. The thing
is, WEP cannot be used in my case, since the WEP key is shared among
users at a given
Le sam 26/06/2004 à 15:52, Michael Griego a écrit :
Depending on your access points, this is not true. If you're using
Cisco APs, for instance, you have per-user WEP keys generated so that
each user can only decrypt his traffic. Any AP that claims WPA
compliance should issue per-user keys,
Alain Perry [EMAIL PROTECTED] wrote:
Yep. I guess I wasn't clear. Sorry for my english by the way. The thing
is, WEP cannot be used in my case, since the WEP key is shared among
users at a given moment,
Which is why EAP-TLS, EAP-TTLS, and PEAP all provide per-user WEP
keys.
Can I send
Which is why EAP-TLS, EAP-TTLS, and PEAP all provide per-user WEP
keys.
Yep, got that. But as I said in one of my previous mails, that is not
really possible in my case.
EAP methods do authentication, and *nothing* else. Even the WEP key
sending is a hack on top of that, that the AP
Alain Perry [EMAIL PROTECTED] wrote:
Yep, got that. But as I said in one of my previous mails, that is not
really possible in my case.
If your AP's can't do per-user WEP keys, then they can't do EAP-TLS,
EAP-TTLS, or PEAP. It means that the *only* way you can secure the
wireless connection
On Sat, 2004-06-26 at 22:25, Alan DeKok wrote:
If your AP's can't do per-user WEP keys, then they can't do EAP-TLS,
EAP-TTLS, or PEAP. It means that the *only* way you can secure the
wireless connection is by making the clients use VPN's.
Technically speaking, there are APs that will do
Le jeu 24/06/2004 à 19:06, Alan DeKok a écrit :
Use EAP-TLS, EAP-TTLS, or EAP-PEAP.
Yep, that's what I finaly planned.
Then EAP-TLS is probably not worth it.
Okay, so, that only leaves me with EAP-TTLS and EAP-PEAP
That's not how wireless works. It sets up an encryption key used to
Hi list,
I'm sorry if this message is somehow lame, but I need to get some more
understanding of the different options offered by FreeRADIUS and the
standards to decide how to use it.
I want users to be able to authenticate over an insecure link (wireless
for example) and then to be able to use
9 matches
Mail list logo
