For peap with ms-chapv2 are the MPPE keys derived from ms-chap or TLS material?

Alan DeKok aland at
Sat Sep 6 23:32:32 CEST 2014

On Sep 6, 2014, at 4:35 PM, <mark.leese at> <mark.leese at> wrote:

> This is hopefully a simple question and so apologises if I’m being stupid :-) When using PEAP with an inner method of MS-CHAPv2, are the encryption keys (MS-MPPE-Recv-Key and MS-MPPE-Send-Key) derived from the MS-CHAP material or the TLS tunnel information? I always thought it was from the TLS tunnel, just like RFC3079 says it is when using EAP-TLS, but I could not find a definitive answer for PEAP.

  The MPPE keys are always derived from the TLS session parameters.

  Alan DeKok.

More information about the Freeradius-Users mailing list