How secure is the radius encryption

Alan DeKok aland at
Wed Apr 4 08:54:46 CEST 2012

Thomas Glanzmann wrote:
> I wonder if the radius encryption between radius client and radius is
> secure enough if you choose a decent password like the following:

  No one knows.

  The method RADIUS uses isn't encryption.  It's more technically called
"obfuscation" in the crypto world.  The reason is that it's not normal
encryption like AES or DES.  So no one knows what it is.

> 'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a('
> Or if someone should always protect the connection between radius client
> to radius server using ipsec or some other VPN software like for example
> openvpn? I don't want to do radius over the internet but in a corporate
> intranet. However I also want to be absolutely sure that no one is reading my
> pap passwords on the wire between radius client and radius server.

  It's secure enough for the local intranet.

  I'd also suggest putting the traffic onto a management VLAN.  That
helps, too.

  Alan DeKok.
