4 Mar
2016
4 Mar
'16
2:49 p.m.
On Mar 4, 2016, at 2:45 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
On Fri, Mar 4, 2016 at 10:48 AM, Alan DeKok <aland@deployingradius.com> wrote:
Trying to authenticate third-party SIM cards is a hack. It will always be a hack. You MUST have the SIM keys in order to do proper, secure, authentication.
I understand and agree. Do you have any practical advice on how to get the SIM key? People who are implementing EAP-SIM/Freeradius in production environments, what are they doing to get them?
The people who use EAP-SIM are typically Telcos who buy SIM cards directly from the manufacturers, and who therefore can control the keys. As a third-party person trying to authenticate random SIM cards... it's impossible. Alan DeKok.