PEAP label in PRF

Chitrang Srivastava chitrang.srivastava at
Wed Sep 14 17:02:33 CEST 2016

Thanks Alan,
Yeah I was also not sure why PEAPv02 start using old seed. Could it be
because most PEAPv1 implementation still use old seed and hence new draft
thought of falling to old seed?

Also is their any draft which mandate old seed for PEAPv0 because the draft
didn't say anything about it.

A quote from draft says
[a] The PEAPv2 tunnel key (TK) is calculated using the first 40 octets of
the (secret) key material generated as described in the EAP-TLS
algorithm ([RFC2716]
Section 3.5 <>). More
explicitly, the TK is the first 40 octets of the PRF as defined in [RFC2716
<>]: PRF(master secret,"client EAP
encryption", random) Where random is the concatenation of
client_hello.random and server_hello.random

On 14 Sep 2016 11:34 a.m., "Chitrang Srivastava" <
chitrang.srivastava at> wrote:

> Hi,
> This is regarding seed label which is used in PRF(Pseudo random function)
> to derive session keys.
>      PEAPv0: -
> I don't see any mention of label but look like it uses *client EAP
> encryption ? *Any official draft or RFC mentioned PEAPv0 uses this label ?
>      PEAPv1:
> tls-eap-05  *client PEAP encryption*
>      PEAPv2:
> tls-eap-10  *client EAP  encryption*
> So on the *client *side the code should be something like
> if(PEAP_version ==1)
>    label is
> *client PEAP encryption*
> otherwise   // For version 0 and 2
>   label is *client PEAP encryption*
> This look OK? Why PEAPv2 uses old label ?

More information about the Freeradius-Users mailing list