Communication between hostap and Radius Server (several hops away)

michael-dev at fami-braun.de michael-dev at fami-braun.de
Fri Mar 26 07:08:18 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Douglas Diniz schrieb:
> Thanks M. Braun. One more question, even with EAP-TTLS the MSK is sent
> only with MD5 encryption, with Radius Shared Secret as seed, right?

I'm uncertain on which MSK you're referencing.

The TLS tunnel is established between the supplicant and the
authentication radius server (not the proxy), so the radius shared
secret is not known to both parties. The radius response (AccessAccept /
AccessReject) itself is protected by a MD5 hash (Response Authenticator)
over the reply content, the request authenticator and the radius shared
secret.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkuslZ0ACgkQja4h02Y9mldTWACfVJBYDlAzt/lhbQXuItKRRY1i
86wAnRY3mI4z3+Raqt6p1zQkpqyVenTl
=MUsB
-----END PGP SIGNATURE-----


More information about the HostAP mailing list