
docrice
Premium
join:2008-03-31
Fremont, CA

reply to jbibe

Re: Flow diagram: WPA Enterprise

Thanks for the update. Can the supplicant not also derive the basic MK? I had thought this is the basic TLS session key based on the premaster secret and randoms. In Hacking Exposed Wireless (first edition) pg. 81, it's mentioned that for EAP-TLS the generated TLS session key is used as the PMK (which makes sense since there's no additional "user auth").

Otherwise at exactly what point is the MK handed from the AS to the supplicant? The same book on pg. 206 mentions that the exact method to determine the PMK differs depending on the auth type, so perhaps this handover is at different points when comparing between EAP-TLS vs. PEAP, for example?

What does the "client EAP encryption" refer to exactly?

jbibe
Premium,MVM
join:2001-02-22

2 edits

You are correct on the distribution of the MK. See the following document:

»csrc.nist.gov/archive/wireless/S···-jw1.pdf

Pages 7, 9, and 43 imply that the AS and the Supplicant derive the MK.
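
Added example, not part of the original posts or of the linked NIST document: a sketch of the EAP-TLS key export in RFC 5216 section 2.3, where "client EAP encryption" is the label fed to the TLS PRF together with the master secret and both randoms, so each side computes the keys locally. It assumes the TLS 1.0/1.1 PRF from RFC 2246; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

LABEL = b"client EAP encryption"  # key-export label from RFC 5216 section 2.3

def p_hash(alg, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, alg).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, alg).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 (first half of secret) XOR P_SHA1 (second half)."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[len(secret) - half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def eap_tls_keys(master_secret, client_random, server_random):
    """Return (MSK, EMSK, PMK) from values both TLS endpoints already hold."""
    if len(master_secret) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("expected 48-byte master secret and 32-byte randoms")
    km = tls10_prf(master_secret, LABEL, client_random + server_random, 128)
    msk, emsk = km[:64], km[64:]
    return msk, emsk, msk[:32]            # 802.11i: PMK = first 256 bits of the MSK

# Constructed sample values (not from a real handshake).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    # Supplicant and authentication server each run the derivation locally.
    supplicant = eap_tls_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    auth_server = eap_tls_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    print("PMK (supplicant):", supplicant[2].hex())
    print("PMK match:", supplicant[2] == auth_server[2])
```

The only key that crosses the network is the PMK sent from the AS to the access point; nothing is handed to the supplicant.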


docrice
Premium
join:2008-03-31
Fremont, CA

Thanks again. I've updated the diagram (hopefully more accurate this time). Let me know if you see any other errors.


jbibe
Premium,MVM
join:2001-02-22

1 edit

The diagram matches my present understanding.

