Reauthentication Problem

Jose Araujo jlaraujo
Fri Apr 4 08:51:25 PST 2003


Hi.

Well, i don't know if EAP-MD5 supports dynamic keying, i have read 
somewere that it doesn't, but the rfc doesn't seem to indicate that it 
does not.

I also thinking about using MD5, but from what i have read, it enables a 
man in the middle attack, that intercepts your authentication and then 
forward that request to the real AP enabling it to intercept your trafic 
and to crack your password.

If you have few users, then EAP-TLS shouldn't give you too much trouble 
and is much more secure.

So in my limited knowledge i suggest you to either change to TLS or 
disable dynamic keying.

Hope it helps

Jose Araujo

P.S. I am also sending this message to the hostap list. but it takes a 
little more time to be processed :-)

Venkatesh N wrote:

>Hi,
>
>Thanks for you quick response,,,
>
>I need MD5 authentication, so with this requirement what could be done
>to avoid failure of Re-Authentication
>
>regards,
>Venkatesh N
>
>Jose Araujo wrote:
>
>  
>
>>Hy,
>>
>>What version of XP are you using, please try to upgrade to XP SP1 (it
>>seems better, but it removes MD5 auth).
>>
>>In my setup the Key negotiation happens every 5 minutes (300 secs) and i
>>don't have any problem with both the broadcast key and the unicast key
>>(both at wep 128).
>>
>>I even tried to change keys every 20 secs, and it still worked like a charm.
>>
>>Jose Araujo
>>
>>Venkatesh N wrote:
>>
>>
>>    
>>






More information about the Hostap mailing list