AES encrypted passwords
Stefan Winter
stefan.winter at restena.lu
Fri Sep 30 15:57:37 CEST 2016
Am 30.09.2016 um 12:09 schrieb Dom Latter:
>
>
> On 29/09/16 17:57, Bogdan Rudas via Freeradius-Users wrote:
>> Hello Dom,
>>
>> Why don't you go with EAP-TTLS+PAP ? Plain-text password transferred over
>> TLS-secured channel let you use any hashing algorithm you want in your
>
> As far as I can work out, out-of-the-box support for this protocol only
> arrived for most things in about 2010. We'll have quite a lot of users
> still using machines older than that. I suspect that for commercial
> reasons, it's not an option. I can ask.
>
>> database. Sure, you have to pay attention for proper device
>> configuration with your CA certificate.
>
> Do you mean a certificate needs to go on the device?
>
> I have had a look at this:
> http://cloudessa.com/tips-and-tricks/how-to-setup-eap-ttls-with-inner-pap-authentication-protocol-on-mac-os/
>
> for example and it does not look like a certificate *needs* installing.
You didn't read this yet, did you? Section "User Device Configuration":
http://freeradius.org/enterprise-wifi.html
No CA checks means all your passwords are up for grabbing for everyone
with a glimpse on Enterprise Wi-Fi.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160930/95b37968/attachment.sig>
More information about the Freeradius-Users
mailing list