For peap with ms-chapv2 are the MPPE keys derived from ms-chap or TLS material?
Hi, This is hopefully a simple question and so apologises if I'm being stupid :-) When using PEAP with an inner method of MS-CHAPv2, are the encryption keys (MS-MPPE-Recv-Key and MS-MPPE-Send-Key) derived from the MS-CHAP material or the TLS tunnel information? I always thought it was from the TLS tunnel, just like RFC3079 says it is when using EAP-TLS, but I could not find a definitive answer for PEAP. Thanks in advance, Mark. -- Scanned by iCritical.
On Sep 6, 2014, at 4:35 PM, <mark.leese@stfc.ac.uk> <mark.leese@stfc.ac.uk> wrote:
This is hopefully a simple question and so apologises if I’m being stupid :-) When using PEAP with an inner method of MS-CHAPv2, are the encryption keys (MS-MPPE-Recv-Key and MS-MPPE-Send-Key) derived from the MS-CHAP material or the TLS tunnel information? I always thought it was from the TLS tunnel, just like RFC3079 says it is when using EAP-TLS, but I could not find a definitive answer for PEAP.
The MPPE keys are always derived from the TLS session parameters. Alan DeKok.
participants (2)
-
Alan DeKok -
mark.leese@stfc.ac.uk