Jouni Malinen j
Sun Jan 23 08:49:50 PST 2011

On Fri, Jan 14, 2011 at 12:05:35AM -0800, rosect190 at wrote:
> When using PEAP/MSCHAPv2, there are two places where keys are generated.
> One is in eap_server.c / SM_STATE(EAP, METHOD_RESPONSE), where eap_peap_getKey() 
> is called (sm->eap_if.eapKeyData = sm->m->getKey(..))
> The other is in eap_server_peap.c  where eap_mschapv2_getKey() is called.
> (data->phase2_key = data->phase2_method->getKey();)
> What are the differences between the two keys? Thank you.

The former is the key generated by PEAP (i.e., MSK/PMK) and the latter
is an intermediate key generated by a Phase 2 method during the PEAP
run. The intermediate key could be used in the PEAP key generation
and/or binding of the separate operations.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list