For peap with ms-chapv2 are the MPPE keys derived from ms-chap or TLS material?
Alan DeKok
aland at deployingradius.com
Sat Sep 6 23:32:32 CEST 2014
On Sep 6, 2014, at 4:35 PM, <mark.leese at stfc.ac.uk> <mark.leese at stfc.ac.uk> wrote:
> This is hopefully a simple question and so apologises if I’m being stupid :-) When using PEAP with an inner method of MS-CHAPv2, are the encryption keys (MS-MPPE-Recv-Key and MS-MPPE-Send-Key) derived from the MS-CHAP material or the TLS tunnel information? I always thought it was from the TLS tunnel, just like RFC3079 says it is when using EAP-TLS, but I could not find a definitive answer for PEAP.
The MPPE keys are always derived from the TLS session parameters.
Alan DeKok.
More information about the Freeradius-Users
mailing list