How secure is the radius encryption
thomas at glanzmann.de
Wed Apr 4 09:49:22 CEST 2012
> The passwords are weakly encrypted using a mechanism that is basically
> an XOR of the password and an MD5 hash of the request authenticator
> and the shared secret.
thanks for the thorough explanation, I'll go with IPSEC or openvpn. I
recall reading in Bruce Schneiers book 'Secret and lies' that xor is
only secure if you use the key only once, so it is very easy to break it
if you see enough traffic, probably also with different usernames.
More information about the Freeradius-Users