Home page logo

basics logo Security Basics mailing list archives

802.1x and PEAP
From: Camillo Bucciarelli <camillobucciarelli () yahoo it>
Date: Tue, 2 Mar 2004 11:15:55 +0100 (CET)

Good morning,
  I’m looking for detailed information about the
Protected EAP. I can’t understand what the supplicant
and Access Server use to establish the TLS tunnel.
Here's an example:
Authenticating Peer     Authenticator
-------------------     -------------
                        <- EAP-Request/
Identity (MyID) ->
                        <- EAP-Request/
                        EAP-Type=PEAP, V=0
                        (PEAP Start, S bit set)
EAP-Type=PEAP, V=0
(TLS client_hello)->
                        <- EAP-Request/
                        EAP-Type=PEAP, V=0
                        (TLS server_hello,
                         TLS certificate,
                 [TLS server_key_exchange,]
                 [TLS certificate_request,]
                     TLS server_hello_done)
EAP-Type=PEAP, V=0
([TLS certificate,]
 TLS client_key_exchange,
[TLS certificate_verify,]
 TLS change_cipher_spec,
 TLS finished) ->
                        <- EAP-Request/
                        EAP-Type=PEAP, V=0
                        (TLS change_cipher_spec,
                         TLS finished)
EAP-Type=PEAP ->
TLS channel established
(messages sent within the TLS channel)
They exchange a server_key_exchange and a
client_key_exchange used to derive the session key. 

It seems to me that the key exchange between the
client and the server is done in clear text, but this
means that I can actually sniff this exchange. Now,
this seems not logical to me.  Anyone here has any
idea about "where" I am wrong ? Do the two elements
hash in some way the keys ?  Or, another possibility,
do we actually have the client key encrypted with the
public key that belongs to the server - that is of
course available - and we have the server key *only*
that is transmitted in clear text ?  In the TLS
protocol of course the two key are encrypted with the
ublic key of the "other end".  But in PEAP ?

Thanks in advance,

Camillo Bucciarelli

Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam

Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of

Download your free trial at

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]