Export (0) Print
Expand All Master Session Key (MSK) Derivation

Upon successful authentication, Extensible Authentication Protocol Method for Microsoft CHAP derives two 16-byte keys, MasterSendKey and MasterReceiveKey (as specified in [RFC3079], section 3.3).

MS-MPPE key attributes, defined in [RFC2548] section 2.4.2 and 2.4.3, are defined as follows on an Authenticator:

MS-MPPE-Recv-Key      = MasterReceiveKey
MS-MPPE-Send-Key      = MasterSendKey

MS-MPPE keys attributes on a Peer are as populated as follows.

MS-MPPE-Recv-Key      = MasterSendKey
MS-MPPE-Send-Key      = MasterReceiveKey

The Master Session Key[RFC3748] is derived from the two keys as follows:

MSK = MasterReceiveKey + MasterSendKey + 32 bytes zeroes (padding)
© 2014 Microsoft