Sun Jan 23 08:49:50 PST 2011
On Fri, Jan 14, 2011 at 12:05:35AM -0800, rosect190 at yahoo.com wrote:
> When using PEAP/MSCHAPv2, there are two places where keys are generated.
> One is in eap_server.c / SM_STATE(EAP, METHOD_RESPONSE), where eap_peap_getKey()
> is called (sm->eap_if.eapKeyData = sm->m->getKey(..))
> The other is in eap_server_peap.c where eap_mschapv2_getKey() is called.
> (data->phase2_key = data->phase2_method->getKey();)
> What are the differences between the two keys? Thank you.
The former is the key generated by PEAP (i.e., MSK/PMK) and the latter
is an intermediate key generated by a Phase 2 method during the PEAP
run. The intermediate key could be used in the PEAP key generation
and/or binding of the separate operations.
Jouni Malinen PGP id EFC895FA
More information about the Hostap