In order to use the EAPOL-Key exchange, there needs to be shared secret
material at both the AP and station.  EAP-TLS and other methods
establish this during the authentication exchange and the RADIUS server
transfers this to the AP (authenticator) in the MPPE-Key attribute,
carried in the EAP Success message.

To use EAP-MD5 to generate keys, you would have to have some shared
secret to use for the EAPOL-Key exchange.  With a supplicant on the
station and an authenticator on the AP that understand how to get from
the EAP Success message to the end of the EAPOL-Key exchange, you could
do this with WPA certified equipment.  But, you might have to extend the
existing supplicants and authenticators to use EAP-MD5.  

For non-WPA equipment, all bets are off.  Anything you do here would be
proprietary.

 -Bob
 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Krishna Prasanth
Sent: Wednesday, December 03, 2003 8:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [BAWUG] Dynamic WEP Keys


Hi Bob & Dave,
 Thanks for the info.
 One more query:
 If I'm using non-WPA compliant stations & APs and
 using EAP-MD5 authentication using RADIUS or Local
 authentication method, can I generate Dynamic Keys
 and send them over to the Station??

 Bit clearer: After Authenticator sees SUCCESS from the
 RADIUS for the station, can I (Authenticator) send
 EAPOL-Key Message to the station with a key value??

 Here I have two options:
  1. I can send key without encryption (even though it
   is useless), then will the client accept or
   reject that key??

  2. Can I use a pre-shared key b/w authenticator &
   supplicant?? (Pls assume that all systems are
   non-WPA compliant). Then I should have a proprietary
   solution on both supplicant & Authenticator side,
   right??


Please clarify this for me. Thanks in advance.

regards
-krishna
--- "Nelson, David" <[EMAIL PROTECTED]> wrote:
> Bob O'Hara writes...
> 
> > Actually, the answer is yes, you can support dynamic WEP keys without an
> > EAP authentication method.  The way to do this is with a pre-shared key.
> 
> Yes, that's right, of course, but strictly speaking it's not just
> Dynamic WEP keys when you're using WPA-PSK, it's TKIP.  Perhaps I was
> being far too literal.  Sorry.  :-)
> 
> -- Dave
> 
> 
> 
> --
> general wireless list, a bawug thing
> <http://www.bawug.org/>
> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
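
Added example, not part of the original thread or any poster's code: a Python sketch of how a pre-shared key supplies the shared secret material the EAPOL-Key exchange needs, using the standard WPA-PSK derivation (PBKDF2 to a PMK, then the 802.11i PRF to a PTK whose first 16 bytes key the EAPOL-Key MIC). The MAC addresses, nonces and frame body are constructed sample values, and authenticator_accepts is a hypothetical helper name.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """512-bit TKIP PTK; min/max ordering lets both sides compute the same value."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)

def eapol_key_mic(ptk: bytes, frame: bytes) -> bytes:
    """Key descriptor version 1 (TKIP) MIC: HMAC-MD5 keyed with the KCK, PTK[0:16]."""
    return hmac.new(ptk[:16], frame, hashlib.md5).digest()

def authenticator_accepts(ap_secret, sta_secret, ssid, aa, spa, anonce, snonce, frame) -> bool:
    """Hypothetical helper: the station MICs the frame, the AP checks it with its own PTK."""
    sta_ptk = derive_ptk(pmk_from_passphrase(sta_secret, ssid), aa, spa, anonce, snonce)
    ap_ptk = derive_ptk(pmk_from_passphrase(ap_secret, ssid), aa, spa, anonce, snonce)
    return hmac.compare_digest(eapol_key_mic(sta_ptk, frame), eapol_key_mic(ap_ptk, frame))

# Constructed sample values (assumptions, not taken from the thread)
SSID = "IEEE"
AA = bytes.fromhex("020000000001")    # authenticator (AP) MAC address
SPA = bytes.fromhex("020000000002")   # supplicant (station) MAC address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
FRAME = b"constructed EAPOL-Key message 2 body, MIC field zeroed"

if __name__ == "__main__":
    print(pmk_from_passphrase("password", SSID).hex())
    # Same pre-shared key on both ends: the MIC verifies.
    print(authenticator_accepts("password", "password", SSID, AA, SPA, ANONCE, SNONCE, FRAME))
    # Different secrets: the exchange cannot complete.
    print(authenticator_accepts("password", "passw0rd", SSID, AA, SPA, ANONCE, SNONCE, FRAME))
```

EAP-MD5 exports no key material, so after it succeeds there is nothing to pass in as the PMK here; the secret has to come from a key-deriving EAP method or from a pre-shared key as above.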

