Re: 802.1x Problems

From: Jouni Malinen
Date: 2002-10-11 08:02:54 UTC

On Thu, Oct 10, 2002 at 09:18:18AM +0200, Jacques Caron wrote:

> This is one option, but it is also possible for the AP (and client) to use
> the session key derived from the EAP method directly. This is indicated by
> an empty key field in the EAPOL-Key message. Cisco APs for instance use
> that key as unicast key, and send the encrypted broadcast key (either
> station or generated in case of broadcast key rotation).

Yes, that's true. I had already forgotten that option since I implemented only the method in which the AP generates the keys. Adding support for this AS-generated key use would be simple, so I might add it as an option. I would prefer the option in which the AP takes care of WEP keys, but using AS-generated keys might be useful for AP devices that do not have any reliable source for generating random numbers.

Jouni Malinen                                            PGP id EFC895FA
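
The following is an added example, not part of the original message and not hostapd code. It parses an IEEE 802.1X-2001 RC4 EAPOL-Key frame, checks its signature and replay counter, and reports whether the key field is empty, which is the case discussed above where both sides use the session key derived from the EAP method. The function names, the signing-key parameter (which part of the EAP key material signs the frame is not stated in the thread) and the sample frames are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

EAPOL_KEY = 3                            # EAPOL packet type "EAPOL-Key"
RC4_DESC = 1                             # RC4 key descriptor type
FIXED = struct.Struct("!BH8s16sB16s")    # type, key length, replay, IV, index, signature
SIG_OFF = 4 + FIXED.size - 16            # signature offset in the whole frame

def _sign(key, frame):
    # HMAC-MD5 over the frame with the signature field set to zero
    zeroed = frame[:SIG_OFF] + bytes(16) + frame[SIG_OFF + 16:]
    return hmac.new(key, zeroed, hashlib.md5).digest()

def build_eapol_key(sign_key, key_len, index, material=b"", replay=1):
    """Construct a sample frame (test data only; material stands in for ciphertext)."""
    body = FIXED.pack(RC4_DESC, key_len, replay.to_bytes(8, "big"),
                      bytes(16), index, bytes(16)) + material
    frame = struct.pack("!BBH", 1, EAPOL_KEY, len(body)) + body
    return frame[:SIG_OFF] + _sign(sign_key, frame) + frame[SIG_OFF + 16:]

def parse_eapol_key(frame, sign_key, last_replay=0):
    """Validate one frame and report where the WEP key comes from."""
    if len(frame) < 4 + FIXED.size:
        raise ValueError("frame too short")
    _version, ptype, body_len = struct.unpack_from("!BBH", frame)
    if ptype != EAPOL_KEY or not FIXED.size <= body_len <= len(frame) - 4:
        raise ValueError("not a complete EAPOL-Key frame")
    frame = frame[:4 + body_len]         # drop any link-layer padding
    desc, key_len, replay, _iv, index, sig = FIXED.unpack_from(frame, 4)
    if desc != RC4_DESC:
        raise ValueError("not an RC4 key descriptor")
    if not hmac.compare_digest(_sign(sign_key, frame), sig):
        raise ValueError("bad key signature")
    if int.from_bytes(replay, "big") <= last_replay:
        raise ValueError("replayed frame")
    material = frame[4 + FIXED.size:]
    if material and len(material) != key_len:
        raise ValueError("key field does not match key length")
    return {"unicast": bool(index & 0x80), "index": index & 0x7F, "key_len": key_len,
            # empty key field: use the session key derived from the EAP method
            "source": "frame" if material else "eap-session-key"}

SIGN_KEY = bytes(range(32))              # constructed signing key, not a real one
UNICAST = build_eapol_key(SIGN_KEY, 13, 0x80)                  # empty key field
BROADCAST = build_eapol_key(SIGN_KEY, 13, 1, bytes(13), 2)     # key sent in frame
```

The signature and replay checks run before the key field is interpreted, so a modified or replayed frame cannot switch a receiver between the two key sources.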
