PAP what password encryption is used?

sphaero arnaud at sphaero.org
Fri Aug 8 11:53:19 CEST 2008


Hello,

I've been asked to setup freeradius to talk to a SQL Server database which
contains users and passwords. This was not so much of a pain but I can't
figure what password encryption is used. So I had hoped somebody with some
more password encryption experience could shine a light here :)

In the database I've set a password to 'testing' which results in the
database as:

DC724AF18FBDD4E59189F5FE768A5F8311527050

This looks like a SHA algorithm? I've browsed through the source code of the
program that generates these password hashes. Indeed it uses SHA. This is
the library they use:
http://www.aspencrypt.com/object_context.html#CreateHash. They use the
'calgSHA'. 
But when I set the Password attribute in freeradius to SHA_password it
doesn't match.

It reads the database succesfully when I set User_password and use the hash
as a password:

radtest test at bla.com DC724AF18FBDD4E59189F5FE768A5F8311527050 localhost 0
testing123
Sending Access-Request of id 61 to 127.0.0.1 port 1812
	User-Name = "test at bla.com"
	User-Password = "DC724AF18FBDD4E59189F5FE768A5F8311527050"
	NAS-IP-Address = 255.255.255.255
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=61, length=43
	Service-Type = Framed-User
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "132"

But when I change User-Password to SHA-Password it doesn't match:
radtest test at bla.com testing localhost 0 testing123
Sending Access-Request of id 131 to 127.0.0.1 port 1812
	User-Name = "test at bla.com"
	User-Password = "testing"
	NAS-IP-Address = 255.255.255.255
	NAS-Port = 0
Re-sending Access-Request of id 131 to 127.0.0.1 port 1812
	User-Name = "test at bla.com"
	User-Password = "testing"
	NAS-IP-Address = 255.255.255.255
	NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=131, length=20

So this isn't a SHA password hash? I don't know for sure if this the same
encryption method but 
'echo testing | openssl sha' generates a different hash:
581165b0cc90703a8e669d91effba108fbe2c83c

Rg,

Arnaud
-- 
View this message in context: http://www.nabble.com/PAP-what-password-encryption-is-used--tp18887393p18887393.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list