Freeradius as a proxy to Windows IAS - Solved!

Alan DeKok aland at deployingradius.com
Tue Jul 31 16:46:07 CEST 2007


A.L.M.Buxey at lboro.ac.uk wrote:
> hmm, its interesting that the key length is an issue - I guess we 
> _could_ have a much larger number with no real issue...but would
> that actually gain anything security wise? I also note that MANY 
> NAS devices have much smaller maximum shared secrets (memory is
> precious I guess..) eg only 16 characters in length!

  Yup.

  MD5 has been pretty much broken.  Many RADIUS secrets can be cracked
in a few minutes.  Shared secrets should be as long as you can make
them, and include upper/lowercase letters, numbers, etc.  That gives
(26+26+10)^16, or about 2^95 possibilities.

  Alan DeKok.



More information about the Freeradius-Users mailing list