Scenario: I have a Windows 2003 running IAS, a DLINK DIR-615 WAP and my laptop. I have set up wireless using 802.1x security utilizing EAP-PEAP.
Everything is working correctly and all is well. I have some confusion on the following items:
1. Since I have set AES (CCMP) as the wireless encryption type (I have set this in the WAP), does the Windows server do any of the cryptography work for AES or is it just the WAP?
2. I understand that the user name and password are the "Effective User Certificate" (as EAP-PEAP does not use an actual machine certificate); however, does that mean that a strong user/pass combo = a stronger encryption key for that session?
3. What role does the server certificate play in authenticating the account? And is the server certificate public key a determining factor of keying strength? Meaning, if the server certificate is 4096 bits vs 1024 bits, will you get a stronger "Session Key"? Again, based on the strength?
4. Does the SSID have anything to do with the encryption (like it does in standard WPA-PSK)?
5. I understand that the "Shared Secret" between the RADIUS authenticator and the authentication server secures traffic between those 2 points, but does it have anything to do with the encryption of session keys?
Sorry to hit you with so many, but I am almost done with this test and would really appreciate any help you could provide.