does freeradius support key-wrap

Michael Martinez mwtzzz at gmail.com
Sun Apr 10 18:38:48 CEST 2016


Ok, I have more context for my question:

Does Freeradius support something similar to Cisco's use of key-wrap
as defined in https://tools.ietf.org/html/draft-zorn-radius-keywrap-18
?
In their implementation they define a way to securely transmit
cryptographic keying material (such as from an EAP conversation)
between NAS and Radius server using a keywrap around the keying
material to protect encryption key distribution.

Supposedly this "protects" a man-in-the-middle from grabbing the EAP
keys? I'm not sure how this increases security because you can't do
anything with the public keys anyway. But I suppose it's a "stronger"
way of encrypting that information as opposed to the standard hash
that's currently done.

The reason I'm asking, I'm doing some contract work for a university.
The bosses want to know, presumably because they have some compliance
requirements they need to satisfy.

I see a few past discussions of this from the mailing list, but no
clear answer on whether freeradius does this.

-- 
---
Michael Martinez
http://www.michael--martinez.com

