EAP-TLS 802.1x & security related questions

Hi,

I spent 2 entire days working with hostap and I am now able to get a lot of things working as I would like. This is the first time I am creating a PKI infrastructure, so I am still learning on this side.

My first question is "conceptual", regarding encryption in the case of EAP-TLS / 802.11x. I have no issue with how authentication works with certificates; it is more about the encryption, where it uses CCMP. I am wondering which method is used, as it is not using a PSK anymore: what is used to encrypt messages for CCMP? Is it encrypted by certificates and dynamic keys on each side?

Just to double check that:
wpa_key_mgmt=WPA-EAP
wpa=2
wpa_pairwise=CCMP
rsn_pairwise=CCMP
ieee8021x=1

is the correct configuration? Is wpa=2 still needed? (I guess yes, to use CCMP)


My second question is about enforcing security as much as I can. I am using:
macaddr_acl=1
auth_algs=1
eapol_version=2
check_crl=2
ieee80211w=2
wpa_key_mgmt=WPA-EAP-SHA256

Regarding the last option (WPA-EAP-SHA256), I don't understand exactly where (ciphers? algorithm?) SHA256 is used. I am confused and don't see where this is applied and used in the different security mechanisms...

I have generated a bigger DH parameter file and use the dh_file option, but I don't think it is used when I analyze it through a packet capture. Any idea why?
Is there anything else I can think about to get the "best secured" system?

A huge thanks for your help :)

belette

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
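
An added example, not part of the original post or of the hostap code: a Python sketch of the IEEE 802.11 pairwise key derivation that the two questions above touch on. The PMK is taken from the EAP-TLS session's MSK rather than from a PSK, the 4-way handshake expands it into the PTK whose last 128 bits are the CCMP temporal key, and the SHA256 AKM replaces the HMAC-SHA1 PRF with an HMAC-SHA256 KDF. The function names are hypothetical, and the MSK, addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import struct

LABEL = b"Pairwise key expansion"

def prf_sha1(key, label, data, nbytes):
    """PRF for wpa_key_mgmt=WPA-EAP: HMAC-SHA1(label || 0x00 || data || counter)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def kdf_sha256(key, label, data, nbytes):
    """KDF for wpa_key_mgmt=WPA-EAP-SHA256: HMAC-SHA256(counter || label || data || bit length)."""
    out, i = b"", 1
    length = struct.pack("<H", nbytes * 8)  # output length in bits, 16-bit little endian
    while len(out) < nbytes:
        msg = struct.pack("<H", i) + label + data + length
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(msk, aa, spa, anonce, snonce, sha256_akm):
    """Return the CCMP pairwise keys for one association."""
    pmk = msk[:32]  # PMK = first 256 bits of the MSK exported by EAP-TLS
    # Both sides sort addresses and nonces, so AP and station derive the same PTK.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    kdf = kdf_sha256 if sha256_akm else prf_sha1
    ptk = kdf(pmk, LABEL, data, 48)  # 384 bits when the pairwise cipher is CCMP
    # KCK protects EAPOL-Key MICs, KEK wraps the GTK, TK is the CCMP data key.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample values (not taken from any capture).
MSK = bytes(range(64))
AA = bytes.fromhex("020000000001")   # authenticator (AP) MAC address
SPA = bytes.fromhex("020000000002")  # supplicant (station) MAC address
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()

if __name__ == "__main__":
    for name, flag in (("WPA-EAP", False), ("WPA-EAP-SHA256", True)):
        keys = derive_ptk(MSK, AA, SPA, ANONCE, SNONCE, flag)
        print(name, {k: v.hex() for k, v in keys.items()})
```

The certificates only authenticate the TLS handshake; the key CCMP uses is the TK above, which changes with every new pair of nonces.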


