Sending EAP Identity Encrypted

alan furlong alan250985 at
Thu Sep 22 14:22:36 PDT 2016

On Thu, Sep 22, 2016 at 2:01 PM, Jouni Malinen <j at> wrote:
> On Thu, Sep 22, 2016 at 01:35:55PM -0700, alan furlong wrote:
>> Which EAP method(s) are you thinking of using?
> Both of which support method specific identity privacy mechanisms.. Is
> there a reason why pseudonym username and/or fast re-authentication
> username would not be sufficient protection?
An attacker could request permanent ID with AT_PERMANENT_ID_REQ. Maybe
we could configure wpa_supplicant to be conservative to defend in such
scenario, but that also means if auth server loses the pseudonym then
peer will fail to connect with legitimate server too.

Please also note that both
> EAP-SIM and EAP-AKA send out the username in plaintext during their
> exchange, so it does not really matter at all how much one would try to
> protect the value sent in EAP-Response/Identity. You can already send
> "anonymous@<operator realm>" there and leave the username determination
So maybe encryption needs to happen in the AT_IDENTITY attribute
present in the EAP-Response/SIM/Start message (EAP-SIM) and in the
EAP-Response/AKA-Identity message (EAP-AKA). Also because of size
limitation in RADIUS attribute "User-Name", it may not be possible to
do RSA encryption of EAP Identity in EAP-Response/Identity packet.


> --
> Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list