sha128 or sha256 support?
Alan DeKok
aland at deployingradius.com
Thu May 27 17:19:36 CEST 2021
On May 27, 2021, at 12:51 AM, Honglak Kim via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Per the FreeRADIUS document, "That shared secret followed by the Request Authenticator is put through a one-way MD5 hash to create a 16 octet digest value which is xored with the password entered by the user, and the xored result placed in the User-Password attribute in the Access-Request packet."
> Now I am just wondering how strong the encryption is on the request packet between RADIUS and NAS.If it is just MD5, then the password could be very quickly cracked. Would it be secure enough to use the communication between RADIUS and NAS over the internet?
It's strong enough for most purposes. But... it's better to use radsec or IPSec.
The server comes with documentation on radsec. See raddb/sites-available/tls
Alan DeKok.
More information about the Freeradius-Users
mailing list