Cisco Support Community
New Member

About WEP keys and LEAP authentication

Does anyone know something about the following questions:

Is mutual authentication between the client and the AP, or between the client and RADIUS?

What does "the client uses a one-way hash of the user-supplied password" mean, and when is it used (when the client responds to the RADIUS challenge, or in the network logon dialog box at the start)? What I have in mind here is OTP, One-Time Password. Anything about this?

What do "session key, unicast WEP key, broadcast WEP key" mean, and who generates them, and when?

Why do we use the "shared secret" or "LEAP password" when configuring RADIUS and the AP for EAP authentication, and when do they start to play their role in the authentication process?

Best Regards!

Thanks for your cooperation.

Jovan.

4 REPLIES
New Member

Re: About WEP keys and LEAP authentication

Is mutual authentication between the client and the AP, or between the client and RADIUS?

@@@@@@

http://www.cisco.com/en/US/tech/tk722/tk723/tk398/tech_protocol_home.html

@@@@@@

What does "the client uses a one-way hash of the user-supplied password" mean, and when is it used (when the client responds to the RADIUS challenge, or in the network logon dialog box at the start)? What I have in mind here is OTP, One-Time Password. Anything about this?

@@@@@@@@@@

Why do we use the "shared secret" or "LEAP password" when configuring RADIUS and the AP for EAP authentication, and when do they start to play their role in the authentication process?

http://www.cisco.com/en/US/about/ac123/ac114/about_cisco_online_exclusive09186a00800a5cab.html

@@@@@@@@@

Secure key derivation—The original shared secret secure key derivation is used to construct responses to the mutual challenges. It undergoes irreversible one-way hashes that make password-replay attacks impossible. The hash values sent over the wire are useful for one-time use only at the start of the authentication process, and therefore, never after.

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a0080088832.html

@@@@@@@@@@

Hope this helps!

Cisco Employee

Re: About WEP keys and LEAP authentication

Is mutual authentication between the client and the AP, or between the client and RADIUS?

It is between the client and the RADIUS server.

What does "the client uses a one-way hash of the user-supplied password" mean, and when is it used (when the client responds to the RADIUS challenge, or in the network logon dialog box at the start)? What I have in mind here is OTP, One-Time Password. Anything about this?

For OTP, use PEAP.

In LEAP, the user-supplied username is the user identity. The server prepares a challenge with the help of the username and password, the client responds to it, and the same happens in reverse: the client challenges the server.

What do "session key, unicast WEP key, broadcast WEP key" mean, and who generates them, and when?

The session key and the unicast key are the same. Both the client and the server generate the unicast key, and the server hands the unicast key over to the AP.

The AP randomly generates the broadcast key, encrypts it with the unicast key it received, and sends it to the client.

Why do we use the "shared secret" or "LEAP password" when configuring RADIUS and the AP for EAP authentication, and when do they start to play their role in the authentication process?

This shared secret is only between the AP and the RADIUS server, to make sure that we are using the right RADIUS server; the RADIUS server also validates its NAS.

There are good wireless security papers:

http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml

New Member

Re: About WEP keys and LEAP authentication

1) The mutual authentication is between the client and the RADIUS server. When the user enters a username and password into a network logon dialog box or its equivalent, the client and a RADIUS server perform a mutual authentication, with the client authenticated by the supplied username and password. The RADIUS server and client then derive a client-specific WEP key to be used by the client for the current logon session.

2) A one-way hash is not the same as OTP. It's something like the authentication happening only in one direction. If it's a two-way hash, it implies that both sides should authenticate each other. Here, the RADIUS server will send the challenge and the client will put the username and password into the hash algorithm and send the response to the server. Then the server will run the hash algorithm with the username and password values configured for the client and will get its own response. This response is compared with the response from the client. If it matches, the client is allowed access. As you can see, only the server is sending the challenge, so this is called a one-way hash.

This happens during logon.

3) For information on the different keys, you can use the following URL:

http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/a350w_ov.htm
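An added sketch, not part of any reply in this thread, of the exchange the replies describe: the client and the RADIUS server each answer the other's challenge from a one-way hash of the password, then derive a per-session key locally. SHA-256 and HMAC are stand-ins chosen so the example runs with the standard library; they are not LEAP's actual algorithms, and all function names are hypothetical.

```python
import hashlib
import hmac
import os


def password_hash(password: str) -> bytes:
    # One-way hash of the typed password (SHA-256 stand-in, not LEAP's real hash).
    return hashlib.sha256(password.encode("utf-8")).digest()


def respond(pw_hash: bytes, role: bytes, challenge: bytes) -> bytes:
    # Answer to one challenge; the role tag keeps the two directions distinct.
    return hmac.new(pw_hash, role + challenge, hashlib.sha256).digest()


def session_key(pw_hash: bytes, srv_chal: bytes, cli_chal: bytes) -> bytes:
    # Derived locally at both ends, never transmitted; 13 bytes = 104-bit WEP key.
    return hmac.new(pw_hash, b"key" + srv_chal + cli_chal, hashlib.sha256).digest()[:13]


def mutual_auth(typed_pw: str, stored_pw: str, srv_chal=None, cli_chal=None):
    """Return (server_accepts_client, client_accepts_server, keys_match, client_response)."""
    srv_chal = srv_chal or os.urandom(8)
    cli_chal = cli_chal or os.urandom(8)
    c_hash, s_hash = password_hash(typed_pw), password_hash(stored_pw)

    # Direction 1: RADIUS server challenges, client answers from the hashed password.
    cli_resp = respond(c_hash, b"client", srv_chal)
    server_ok = hmac.compare_digest(cli_resp, respond(s_hash, b"client", srv_chal))

    # Direction 2: client challenges, server must prove it holds the same secret.
    srv_resp = respond(s_hash, b"server", cli_chal)
    client_ok = hmac.compare_digest(srv_resp, respond(c_hash, b"server", cli_chal))

    keys_match = server_ok and client_ok and hmac.compare_digest(
        session_key(c_hash, srv_chal, cli_chal), session_key(s_hash, srv_chal, cli_chal))
    return server_ok, client_ok, keys_match, cli_resp


def replay_accepted(stored_pw: str, captured_resp: bytes, fresh_chal: bytes) -> bool:
    # A response captured in one session is checked against a new server challenge.
    expected = respond(password_hash(stored_pw), b"client", fresh_chal)
    return hmac.compare_digest(captured_resp, expected)
```

Because every session uses fresh challenges, a response recorded earlier does not satisfy a later challenge, which is the one-time-use property quoted in the first reply.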

New Member

Re: About WEP keys and LEAP authentication

I believe mutual authentication refers to......Both the Client and the AP authenticate with the RADIUS server, hence the term "mutual".

Read under the "Step by Step: Cisco LEAP" paragraph....

http://www.cisco.com/en/US/about/ac123/ac114/about_cisco_online_exclusive09186a00800a5cab.html

Danny
