Salted Sha512?

Robert Graham robert_graham at uhaul.com
Thu Jan 15 01:55:25 CET 2015


Matt / Development Team,

Would it be possible to integrate Salted SHA-512 into freeradius. I did
speak with our contact with the PCI Compliance team and they are saying
that the information has to be SHA-512/Salted... In the next few years
they are talking about SHA-3 if it gets finalized.

I would really appreciate if someone on the team could do this :)

Robert Graham
Network Engineer
U-Haul International
2727 N. Central Ave
Phoenix, AZ 85004

FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
writes:
>On Mon, Jan 12, 2015 at 04:29:27PM -0700, Robert Graham wrote:
>> This is what I have but yet I know it is incorrect. I dont want to use
>any
>> groups, it is strictly for someone to logon to our vpn and wireless
>> connections. The passwords are stored in SHA-512 with Salt and
>unicoding.
>
>Just be aware that if your passwords are SHA-512 you're limiting
>wireless authentication to something that involves PAP (e.g.
>EAP/TTLS-PAP), which e.g Windows<8.0 doesn't support natively.
>
>Then you're down to something like Arran suggested
>
>in inner-tunnel authorize:
>
>update control {
>  SHA2-Password := "%{sql:SELECT password FROM table WHERE ...}"
>}
>pap
>
>
>Matthew
>
>
>-- 
>Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
>Systems Specialist, Infrastructure Services,
>I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
>For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list