On Sun, Apr 10, 2016 at 10:15 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Apr 10, 2016, at 12:38 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
Ok, I have more context for my question:
Does Freeradius support something similar to Cisco's use of key-wrap as defined in https://tools.ietf.org/html/draft-zorn-radius-keywrap-18
No.
Thanks for the answer. I agree with what you're saying. I'm sure Cisco implemented this for no other reason than a "feel good" thing for management. I agree it doesn't do anything to increase security. My understanding of key-wrap is that it is useful only in cases where you want to change the key without re-encrypting all the data (eg TrueCrypt: https://www.linkedin.com/pulse/encryption-what-key-wrapping-frank-hi%C3%9Fen), or in cases where for some reason you want to encrypt stuff without using random keys (http://crypto.stackexchange.com/questions/1107/why-do-we-need-special-key-wr...), but in both cases it does nothing to increase security.
It would help to describe those requirements.
That's all they gave me: "does freeradius support key-wrap?" And from that I'm pretty sure they're referring to the use of a keywrap to encapsulate the transmission of keys. And you've answered that Freeradius doesn't do it, nor does it need to. -- --- Michael Martinez http://www.michael--martinez.com