Re: PMK or PTK instead of PSK in radius response when wpa_psk_radius=2 or wpa_psk_radius=3


 



On Dec 4, 2023, at 4:22 PM, Daniel S <timeport0@xxxxxxxxx> wrote:
> Is there a way (or why you shouldn't/couldn't) to provide the
> PMK (perhaps via MS-MPPE-Recv-Key) instead of a cleartext
> Tunnel-Password as a radius response?

  MS-MPPE-Recv-Key already has a defined meaning.  You can't change that meaning without changing all pieces of software which use it.

> It would solve the less-than-ideal situation of storing and
> transmitting PSKs in cleartext or reversible encryption.

  I'm not sure what you're getting at.  MS-MPPE-Recv-Key and Tunnel-Password are both protected with reversible encryption.  Neither of them sends data in clear text.

> I tried as a test just sending the PMK or PTK back as MS-MPPE-Recv-Key
> as in EAP but seems that didn't do the trick.

  Of course.  If you put IPv6 addresses into an IPv4 field it won't work, either.

  The protocols and attributes have defined meaning.  You can't just put different data into an attribute and expect the systems to understand what you intend.

  Alan DeKok.
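
Added example, not part of the original message or of hostapd/FreeRADIUS code: a Python sketch of the salted MD5 protection that RFC 2868 defines for Tunnel-Password and RFC 2548 reuses for MS-MPPE-Recv-Key, showing that the value is hidden on the wire yet recoverable by any holder of the shared secret and Request Authenticator. The function names and the sample secret, authenticator and PSK are constructed for illustration.

```python
import hashlib
import os

def _xor_chain(data, secret, req_auth, salt, decrypting):
    """Keystream from the RFCs: b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1))."""
    out = b""
    prev = req_auth + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        mixed = bytes(x ^ y for x, y in zip(block, pad))
        out += mixed
        # The chain always runs over the ciphertext block.
        prev = block if decrypting else mixed
    return out

def protect(value, secret, req_auth, salt=None):
    """Return Salt + encrypted String (the Tunnel-Password Tag octet is omitted)."""
    if len(req_auth) != 16 or len(value) > 255:
        raise ValueError("bad authenticator or value length")
    if salt is None:
        rnd = os.urandom(2)
        salt = bytes([rnd[0] | 0x80, rnd[1]])  # high bit of the salt must be set
    plain = bytes([len(value)]) + value        # length octet, then the value
    plain += b"\x00" * (-len(plain) % 16)      # zero-pad to a 16-octet multiple
    return salt + _xor_chain(plain, secret, req_auth, salt, False)

def recover(field, secret, req_auth):
    """Reverse protect(); needs the same shared secret and Request Authenticator."""
    salt, cipher = field[:2], field[2:]
    if not cipher or len(cipher) % 16:
        raise ValueError("ciphertext is not a multiple of 16 octets")
    plain = _xor_chain(cipher, secret, req_auth, salt, True)
    length = plain[0]
    if length > len(plain) - 1:
        raise ValueError("length octet out of range (wrong secret?)")
    return plain[1:1 + length]

# Constructed sample values, not taken from the thread.
SECRET = b"testing123"
REQ_AUTH = bytes(range(16))
PSK = b"correct horse battery"

if __name__ == "__main__":
    field = protect(PSK, SECRET, REQ_AUTH)
    print(field.hex())
    print(recover(field, SECRET, REQ_AUTH))
```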


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


